From: Magnus Hagander <magnus@hagander.net>
Date: Sat, 6 Oct 2018 10:57:58 +0000 (+0200)
Subject: Add protection against concurrent modification of wiki pages
X-Git-Url: http://git.postgresql.org/gitweb/static/session/%7B%7Bsession.id%7D%7D-%7B%7Bsession.title%7Cslugify%7D%7D?a=commitdiff_plain;h=24ccc9658d6bd7107056119ff71d049cecea0edb;p=pgeu-website.git

Add protection against concurrent modification of wiki pages

Otherwise a second modification can overwrite the first one withuot
seeing it. We already have classes to handle it by storing a hash of the
data, but it was not enabled for the wikipage editing.
---

diff --git a/postgresqleu/confwiki/forms.py b/postgresqleu/confwiki/forms.py
index 550e445..fa36070 100644
--- a/postgresqleu/confwiki/forms.py
+++ b/postgresqleu/confwiki/forms.py
@@ -2,15 +2,17 @@ from django import forms
 from django.core.exceptions import ValidationError
 from django.db.models import Q
 
+from postgresqleu.util.forms import ConcurrentProtectedModelForm
+
 from postgresqleu.confreg.models import RegistrationType, ConferenceRegistration
 from models import Wikipage, Signup, AttendeeSignup
 
-class WikipageEditForm(forms.ModelForm):
+class WikipageEditForm(ConcurrentProtectedModelForm):
 	class Meta:
 		model = Wikipage
 		fields = ('contents',)
 
-class WikipageAdminEditForm(forms.ModelForm):
+class WikipageAdminEditForm(ConcurrentProtectedModelForm):
 	def __init__(self, *args, **kwargs):
 		super(WikipageAdminEditForm, self).__init__(*args, **kwargs)
 		self.fields['author'].queryset = ConferenceRegistration.objects.filter(conference=self.instance.conference)
@@ -71,7 +73,7 @@ class SignupSubmitForm(forms.Form):
 
 		return self.cleaned_data['choice']
 
-class SignupAdminEditForm(forms.ModelForm):
+class SignupAdminEditForm(ConcurrentProtectedModelForm):
 	def __init__(self, *args, **kwargs):
 		super(SignupAdminEditForm, self).__init__(*args, **kwargs)
 		self.fields['author'].queryset = ConferenceRegistration.objects.filter(conference=self.instance.conference)
@@ -84,7 +86,7 @@ class SignupAdminEditForm(forms.ModelForm):
 		model = Signup
 		exclude = ['conference', ]
 
-class SignupAdminEditSignupForm(forms.ModelForm):
+class SignupAdminEditSignupForm(ConcurrentProtectedModelForm):
 	choice = forms.ChoiceField(required=True)
 	class Meta:
 		model = AttendeeSignup
diff --git a/template.jinja/confwiki/wikipage_edit.html b/template.jinja/confwiki/wikipage_edit.html
index 2a17802..5569c31 100644
--- a/template.jinja/confwiki/wikipage_edit.html
+++ b/template.jinja/confwiki/wikipage_edit.html
@@ -26,9 +26,11 @@ table.pageform textarea {
 <a href="../"><h2>{{page.title}}</h2></a>
 
 <form method="post" action=".">{{ csrf_input }}
+{{form._validator}}
 <table class="pageform">
-<tr>
+<tr{%if form.non_field_errors()%} class="error"{%endif%}>
   <td>
+{%if form.non_field_errors()%}{{form.non_field_errors()}}{%endif%}
     {{form.contents}}
   </td>
 </tr>