settings.PUBLIC_SITE, login required if public for logbook entry, CRCF middleware

6 files changed, 12 insertions, 3 deletions

diff --git a/localsettingsserver.py b/localsettingsserver.py
index 208aed9..cd05178 100644
--- a/localsettingsserver.py
+++ b/localsettingsserver.py
@@ -16,6 +16,8 @@ SURVEY_SCANS = '/home/expo/expoimages/'
 FILES = '/home/expo/expoimages'
 EXPOWEB_URL = 'http://expo.survex.com/'
 
+PUBLIC_SITE = True
+
 SURVEYS_URL = 'http://troggle.cavingexpedition.com/survey_scans/'
 
 SVX_URL = 'http://framos.lawoftheland.co.uk/troggle/survex/'
diff --git a/localsettingsubuntu.py b/localsettingsubuntu.py
index c8800b9..991a77f 100644
--- a/localsettingsubuntu.py
+++ b/localsettingsubuntu.py
@@ -13,6 +13,8 @@ SURVEYS = '/home/goatchurch/tunnel/cucc/surveys'
 
 EXPOWEB_URL = 'http://expo.survex.com/'
 
+PUBLIC_SITE = False
+
 CAVERN = 'cavern'
 EXPOWEB = '/home/goatchurch/expoweb/'
 SURVEYS_URL = ''
diff --git a/localsettingswindows.py b/localsettingswindows.py
index 717167f..3b0447e 100644
--- a/localsettingswindows.py
+++ b/localsettingswindows.py
@@ -18,6 +18,7 @@ LOGFILE = EXPOWEB+'troggle\\parsing_log.txt'
 PHOTOS = 'C:\\Expo\\expoweb\\photos'

 

 URL_ROOT = 'http://127.0.0.1:8000'

+PUBLIC_SITE = False

 

 TINY_MCE_MEDIA_ROOT = '/usr/share/tinymce/www/' 

 TINY_MCE_MEDIA_URL = URL_ROOT + 'tinymce_media/'

diff --git a/settings.py b/settings.py
index 9078f11..5a41239 100644
--- a/settings.py
+++ b/settings.py
@@ -63,6 +63,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
     'troggle.middleware.SmartAppendSlashMiddleware'
 )
 
diff --git a/templates/logbookentry.html b/templates/logbookentry.html
index 19b8a30..04229fb 100644
--- a/templates/logbookentry.html
+++ b/templates/logbookentry.html
@@ -5,7 +5,9 @@
 {% block editLink %}<a href={{logbookentry.get_admin_url}}>Edit logbook entry {{logbookentry|wiki_to_html_short}}</a>{% endblock %}

 {% block content %}

 

-<h2>{{logbookentry.title|safe}}</h2>

+{% block related %}{% endblock %}

+{% block nav %}{% endblock %}

+<h2>{{logbookentry.title}}</h2>

 

 <div id="related">

 <p><a href="{{ logbookentry.expedition.get_absolute_url }}">{{logbookentry.expedition.name}}</a></p>

@@ -69,6 +71,7 @@
 </div>

 </div>

 

-{% if logbookentry.filename %}<a href="{% url editlogbookentry year=logbookentry.year pdate=logbookentry.date pslug=logbookentry.slug %}">Edit</a> <a href="{% url deletelogbookentry year=logbookentry.year date=logbookentry.date slug=logbookentry.slug %}">Delete</a>{%endif%}

+{% if logbookentry.filename %}<a href="{% url editLogBookEntry expeditionyear=logbookentry.expedition.year pdate=logbookentry.date pslug=logbookentry.slug %}">Edit</a> <a href="{% url deleteLogBookEntry expeditionyear=logbookentry.expedition.year date=logbookentry.date slug=logbookentry.slug %}">Delete</a>{%endif%}

+

 

 {% endblock %}

diff --git a/templates/registration/login.html b/templates/registration/login.html
index 04b5074..2d49395 100644
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -6,7 +6,7 @@
 <p>Your username and password didn't match. Please try again.</p>

 {% endif %}

 

-<form method="post" action=".">

+<form method="post" action=".">{% csrf_token %}

 <table>

 <tr><td>{{ form.username.label_tag }}</td><td>{{ form.username }}</td></tr>

 <tr><td>{{ form.password.label_tag }}</td><td>{{ form.password }}</td></tr>