2 files changed, 161 insertions, 26 deletions

diff --git a/_deploy/debian/settings.py b/_deploy/debian/settings.py
new file mode 100644
index 0000000..938c024
--- /dev/null
+++ b/_deploy/debian/settings.py
@@ -0,0 +1,147 @@
+"""
+Django settings for troggle project.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/dev/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/dev/ref/settings/
+"""
+# Imports should be grouped in the following order:
+
+# 1.Standard library imports.
+# 2.Related third party imports.
+# 3.Local application/library specific imports.
+# 4.You should put a blank line between each group of imports.
+
+
+
+print("*  importing troggle/settings.py")
+
+# default value, then gets overwritten by real secrets
+SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2"
+
+GIT = "git"  # command for running git
+
+# Note that this builds upon the django system installed
+# global settings in
+# django/conf/global_settings.py which is automatically loaded first.
+# read https://docs.djangoproject.com/en/dev/topics/settings/
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+# BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+
+# Django settings for troggle project.
+
+ALLOWED_HOSTS = ["*", "expo.survex.com", ".survex.com", "localhost", "127.0.0.1", "192.168.0.5"]
+
+ADMINS = (
+    # ('Your Name', 'your_email@domain.com'),
+)
+MANAGERS = ADMINS
+
+# LOGIN_URL = '/accounts/login/' # this is the default value so does not need to be set
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+USE_TZ = True
+TIME_ZONE = "Europe/London"
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en-uk"
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = True
+USE_L10N = True
+
+FIX_PERMISSIONS = []
+
+# top-level survex file basename (without .svx)
+SURVEX_TOPNAME = "1623-and-1626-no-schoenberg-hs"
+
+
+# Caves for which survex files exist, but are not otherwise registered
+# replaced (?) by expoweb/cave_data/pendingcaves.txt
+# PENDING = ["1626-361", "2007-06", "2009-02",
+# "2012-ns-01", "2012-ns-02", "2010-04", "2012-ns-05", "2012-ns-06",
+# "2012-ns-07", "2012-ns-08", "2012-ns-12", "2012-ns-14", "2012-ns-15", "2014-bl888",
+# "2018-pf-01", "2018-pf-02"]
+
+APPEND_SLASH = (
+    False  # never relevant because we have urls that match unknown files and produce an 'edit this page' response
+)
+SMART_APPEND_SLASH = True  # not eorking as middleware different after Dj2.0
+
+
+LOGIN_REDIRECT_URL = "/"  # does not seem to have any effect
+
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+# SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel, bug elsewhere?
+# CSRF_COOKIE_SECURE = True # if enabled only sends cookies over SSL
+X_FRAME_OPTIONS = "DENY"  # changed to "DENY" after I eliminated all the iframes e.g. /xmlvalid.html
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"  # from Django 3.2
+
+INSTALLED_APPS = (
+    "django.contrib.admin",
+    "django.contrib.auth",  # includes the url redirections for login, logout
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.admindocs",
+    "django.forms",  # Required to customise widget templates
+    #    'django.contrib.staticfiles', # We put our CSS etc explicitly in the right place so do not need this
+    "troggle.core",
+)
+
+FORM_RENDERER = "django.forms.renderers.TemplatesSetting"  # Required to customise widget templates
+
+# See the recommended order of these in https://docs.djangoproject.com/en/dev/ref/middleware/
+# Note that this is a radically different onion architecture from earlier versions though it looks the same,
+# see https://docs.djangoproject.com/en/dev/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware
+# Seriously, read this: https://www.webforefront.com/django/middlewaredjango.html which is MUCH BETTER than the docs
+MIDDLEWARE = [
+    #'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST # we don't use this
+    "django.middleware.gzip.GZipMiddleware",  # not needed when expofiles and photos served by apache
+    "django.contrib.sessions.middleware.SessionMiddleware",  # Manages sessions, if CSRF_USE_SESSIONS then it needs to be early
+    "django.middleware.common.CommonMiddleware",  # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
+    "django.middleware.csrf.CsrfViewMiddleware",  # Cross Site Request Forgeries by adding hidden form fields to POST
+    "django.contrib.auth.middleware.AuthenticationMiddleware",  # Adds the user attribute, representing the currently-logged-in user
+    "django.contrib.admindocs.middleware.XViewMiddleware",  # this and docutils needed by admindocs
+    "django.contrib.messages.middleware.MessageMiddleware",  # Cookie-based and session-based message support. Needed by admin system
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",  # clickjacking protection via the X-Frame-Options header
+    #'django.middleware.security.SecurityMiddleware', # SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT
+    #'troggle.core.middleware.SmartAppendSlashMiddleware' # needs adapting after Dj2.0
+]
+
+ROOT_URLCONF = "troggle.urls"
+
+WSGI_APPLICATION = "troggle.wsgi.application"  # change to asgi as soon as we upgrade to Django 3.0
+
+ACCOUNT_ACTIVATION_DAYS = 3
+
+# AUTH_PROFILE_MODULE = 'core.person' # used by removed profiles app ?
+
+QM_PATTERN = "\[\[\s*[Qq][Mm]:([ABC]?)(\d{4})-(\d*)-(\d*)\]\]"
+
+# Re-enable TinyMCE when Dj upgraded to v3. Also templates/editexpopage.html
+# TINYMCE_DEFAULT_CONFIG = {
+# 'plugins': "table,spellchecker,paste,searchreplace",
+# 'theme': "advanced",
+# }
+# TINYMCE_SPELLCHECKER = False
+# TINYMCE_COMPRESSOR = True
+
+TEST_RUNNER = "django.test.runner.DiscoverRunner"
+
+from localsettings import *
+
+# localsettings needs to take precedence. Call it to override any existing vars.
diff --git a/_deploy/wsl/localsettingsWSL.py b/_deploy/wsl/localsettingsWSL.py
index 7998996..8308c6e 100644
--- a/_deploy/wsl/localsettingsWSL.py
+++ b/_deploy/wsl/localsettingsWSL.py
@@ -46,7 +46,6 @@ PV = "python" + str(sys.version_info.major) + "." + str(sys.version_info.minor)
 # --------------------- MEDIA redirections BEGIN ---------------------
 REPOS_ROOT_PATH = Path(__file__).parent.parent
 LIBDIR = REPOS_ROOT_PATH / "lib" / PV
-# LIBDIR  =  REPOS_ROOT_PATH / 'lib' / 'python3.9'
 
 TROGGLE_PATH = Path(__file__).parent
 TEMPLATE_PATH = TROGGLE_PATH / "templates"
@@ -58,7 +57,12 @@ EXPOFILES = REPOS_ROOT_PATH / "expofiles"
 
 SCANS_ROOT = EXPOFILES / "surveyscans"
 PHOTOS_ROOT = EXPOFILES / "photos"
-PHOTOS_YEAR = "2022"
+PHOTOS_YEAR = "2023"
+NOTABLECAVESHREFS = ["290", "291", "264", "258", "204", "359", "76", "107"]
+
+
+PYTHON_PATH = REPOS_ROOT_PATH / "troggle"
+LOGFILE = PYTHON_PATH / "troggle.log"
 
 # URL that handles the media served from MEDIA_ROOT. Make sure to use a
 # trailing slash if there is a path component (optional in other cases).
@@ -118,11 +122,6 @@ if DBSWITCH == "sqlite":
 if DBSWITCH == "mariadb":
     DATABASES = DBMARIADB
 
-NOTABLECAVESHREFS = ["290", "291", "359", "264", "258", "204", "76", "107"]
-
-PYTHON_PATH = REPOS_ROOT_PATH / "troggle"
-
-LOGFILE = PYTHON_PATH / "troggle.log"
 
 
 TEMPLATES = [
@@ -165,29 +164,18 @@ DEFAULT_FROM_EMAIL = "django-test@klebos.net"
 SURVEX_DATA = REPOS_ROOT_PATH / "loser"
 DRAWINGS_DATA = REPOS_ROOT_PATH / "drawings"
 EXPOWEB = REPOS_ROOT_PATH / "expoweb"
-
 CAVEDESCRIPTIONS = EXPOWEB / "cave_data"
 ENTRANCEDESCRIPTIONS = EXPOWEB / "entrance_data"
+
 EXPOWEB_URL = ""
 # SCANS_URL = '/survey_scans/' # defunct, removed.
 
-# Sanitise these to be strings as all other code is expecting strings
-# and we have not made the change to pathlib Path type in the other localsettings-* variants yet.
-# CAVEDESCRIPTIONS = str(CAVEDESCRIPTIONS)
-# ENTRANCEDESCRIPTIONS = str(ENTRANCEDESCRIPTIONS)
-# LOGFILE = str(LOGFILE)
-# EXPOWEB = str(EXPOWEB)
-# DRAWINGS_DATA     = str(DRAWINGS_DATA)
-# SURVEX_DATA     = str(SURVEX_DATA)
-# TEMPLATE_PATH   = str(TROGGLE_PATH)
-# MEDIA_ROOT      = str(MEDIA_ROOT)
-# JSLIB_ROOT      = str(JSLIB_ROOT)
-# SCANS_ROOT    = str(SCANS_ROOT)
-# EXPOFILES = str(EXPOFILES)
-# PHOTOS_ROOT = str(PHOTOS_ROOT)
-STATIC_URL = str(STATIC_URL) + "/"
-MEDIA_URL = str(MEDIA_URL) + "/"
-# PYTHON_PATH = str(PYTHON_PATH)
-# REPOS_ROOT_PATH = str(REPOS_ROOT_PATH)
 sys.path.append(str(REPOS_ROOT_PATH))
 sys.path.append(str(PYTHON_PATH))
+#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed
+#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed
+
+# Sanitise these to be strings as Django seems to be particularly sensitive to crashing if they aren't
+STATIC_URL = str(STATIC_URL) + "/"
+MEDIA_URL = str(MEDIA_URL) + "/"
+