Merge e635681 into 930e9f0

rdmo/core/views.py

@@ -1,3 +1,4 @@
+import hashlib
 import logging
 
 from django.conf import settings
@@ -83,6 +84,18 @@ def get(self, request, *args, **kwargs):
         return super().get(self, request, *args, **kwargs)
 
 
+class StoreIdViewMixin(View):
+
+    def render_to_response(self, context, **response_kwargs):
+        response = super().render_to_response(context, **response_kwargs)
+        response.set_cookie('storeid', self.get_store_id(), samesite='Lax')
+        return response
+
+    def get_store_id(self):
+        session_key = self.request.session.session_key or 'anonymous'
+        return hashlib.sha256(session_key.encode()).hexdigest()
+
+
 class RedirectViewMixin(View):
 
     def post(self, request, *args, **kwargs):

rdmo/management/views.py

@@ -1,4 +1,3 @@
-import hashlib
 import logging
 
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -7,22 +6,15 @@
 from rules import test_rule
 from rules.contrib.views import PermissionRequiredMixin as RulesPermissionRequiredMixin
 
-from rdmo.core.views import CSRFViewMixin, PermissionRedirectMixin
+from rdmo.core.views import CSRFViewMixin, PermissionRedirectMixin, StoreIdViewMixin
 
 logger = logging.getLogger(__name__)
 
 
 class ManagementView(LoginRequiredMixin, PermissionRedirectMixin, RulesPermissionRequiredMixin,
-                     CSRFViewMixin, TemplateView):
+                     CSRFViewMixin, StoreIdViewMixin, TemplateView):
     template_name = 'management/management.html'
 
     def has_permission(self):
         # Use test_rule from rules for permissions check
         return test_rule('management.can_view_management', self.request.user, self.request.site)
-
-    def render_to_response(self, context, **response_kwargs):
-        storeid = hashlib.sha256(self.request.session.session_key.encode()).hexdigest()
-
-        response = super().render_to_response(context, **response_kwargs)
-        response.set_cookie('storeid', storeid)
-        return response

rdmo/projects/views/project.py

@@ -1,4 +1,3 @@
-import hashlib
 import logging
 
 from django.conf import settings
@@ -15,7 +14,7 @@
 from django.views.generic.edit import FormMixin
 
 from rdmo.core.plugins import get_plugin, get_plugins
-from rdmo.core.views import CSRFViewMixin, ObjectPermissionMixin, RedirectViewMixin
+from rdmo.core.views import CSRFViewMixin, ObjectPermissionMixin, RedirectViewMixin, StoreIdViewMixin
 from rdmo.questions.models import Catalog
 from rdmo.questions.utils import get_widgets
 from rdmo.tasks.models import Task
@@ -26,18 +25,10 @@
 
 logger = logging.getLogger(__name__)
 
-class ProjectsView(LoginRequiredMixin, CSRFViewMixin, TemplateView):
-    template_name = 'projects/projects.html'
 
-    # def has_permission(self):
-    #     # Use test_rule from rules for permissions check
-    #     return test_rule('projects.can_view_all_projects', self.request.user, self.request.site)
-    def render_to_response(self, context, **response_kwargs):
-      storeid = hashlib.sha256(self.request.session.session_key.encode()).hexdigest()
+class ProjectsView(LoginRequiredMixin, CSRFViewMixin, StoreIdViewMixin, TemplateView):
+    template_name = 'projects/projects.html'
 
-      response = super().render_to_response(context, **response_kwargs)
-      response.set_cookie('storeid', storeid)
-      return response
 
 class ProjectDetailView(ObjectPermissionMixin, DetailView):
     model = Project