Only reveal hashids to the ui

2025-06-12 00:50:40 +00:00 · 2021-11-30 16:22:16 +01:00
parent 3e227dc4cf
commit 72ba61f369
39 changed files with 1098 additions and 1083 deletions
--- a/app/jobs/routes.py
+++ b/app/jobs/routes.py
@ -8,33 +8,33 @@ from ..models import Job, JobInput, JobResult
 import os


-@bp.route('/<int:job_id>')
+@bp.route('/<hashid:job_id>')
@login_required
 def job(job_id):
    job = Job.query.get_or_404(job_id)
-    if not (job.creator == current_user or current_user.is_administrator()):
+    if not (job.user == current_user or current_user.is_administrator()):
        abort(403)
    job_inputs = [job_input.to_dict() for job_input in job.inputs]
    return render_template('jobs/job.html.j2', job=job, job_inputs=job_inputs,
                           title='Job')


-@bp.route('/<int:job_id>/delete')
+@bp.route('/<hashid:job_id>/delete')
@login_required
 def delete_job(job_id):
    job = Job.query.get_or_404(job_id)
-    if not (job.creator == current_user or current_user.is_administrator()):
+    if not (job.user == current_user or current_user.is_administrator()):
        abort(403)
    tasks.delete_job(job_id)
    flash('Job has been marked for deletion!', 'job')
    return redirect(url_for('main.dashboard'))


-@bp.route('/<int:job_id>/inputs/<int:job_input_id>/download')
+@bp.route('/<hashid:job_id>/inputs/<hashid:job_input_id>/download')
@login_required
 def download_job_input(job_id, job_input_id):
    job_input = JobInput.query.filter(JobInput.job_id == job_id, JobInput.id == job_input_id).first_or_404()  # noqa
-    if not (job_input.job.creator == current_user
+    if not (job_input.job.user == current_user
            or current_user.is_administrator()):
        abort(403)
    return send_from_directory(as_attachment=True,
@ -42,7 +42,7 @@ def download_job_input(job_id, job_input_id):
                               filename=job_input.filename)


-@bp.route('/<int:job_id>/restart')
+@bp.route('/<hashid:job_id>/restart')
@login_required
@admin_required
 def restart(job_id):
@ -55,11 +55,11 @@ def restart(job_id):
    return redirect(url_for('.job', job_id=job_id))


-@bp.route('/<int:job_id>/results/<int:job_result_id>/download')
+@bp.route('/<hashid:job_id>/results/<hashid:job_result_id>/download')
@login_required
 def download_job_result(job_id, job_result_id):
    job_result = JobResult.query.filter(JobResult.job_id == job_id, JobResult.id == job_result_id).first_or_404()  # noqa
-    if not (job_result.job.creator == current_user
+    if not (job_result.job.user == current_user
            or current_user.is_administrator()):
        abort(403)
    return send_from_directory(as_attachment=True,