Merge pull request #408 from PGScatalog/fix/csp_onclick_events

Fix/csp onclick events

catalog/static/catalog/pgs.js

@@ -619,6 +619,9 @@ $(document).ready(function() {
         pgs_tooltip();
       }, 500);
     });
+
+    // Add reset action to traits 'Reset View' button.
+    $('#reset_cat').click(reset_showhide_trait)
 });
 
 
@@ -940,7 +943,8 @@ function display_category_list(data_json) {
     e.setAttribute("data-placement", "left");
     e.setAttribute("data-delay", "800");
     e.setAttribute("title", "Click to display the list of traits related to '"+name+"'");
-    e.setAttribute("onclick", "showhide_trait('"+div_id+"', '"+name+"')");
+    // We are not using direct "onclick" action to make CSP happy.
+    e.addEventListener('click', showhide_trait.bind(null, div_id, name));
     trait_elem.appendChild(e);
 
 

catalog/templates/catalog/browse/traits.html

@@ -47,7 +47,7 @@ <h2 class="pgs_facet_icon pgs_facet_2_icon icon icon-species">{{ view_name }}</h
 
           <h3 class="mt-4">
             <span>Browse PGS by Trait Category</span><span class="info-icon-title" data-toggle="tooltip" data-placement="right" title="The trait categories are based on automatic annotations of the underlying traits in the Experimental Factor Ontology (EFO), and are used to browse the current data and describe the diversity of traits captured in the catalog in a minimal hierarchical structure."><i class="fas fa-info-circle"></i></span>
-            <span id="reset_cat" class="btn btn-pgs pgs_no_icon_link" onclick="reset_showhide_trait();"><span class="fas fa-redo"></span> Reset view</span>
+            <span id="reset_cat" class="btn btn-pgs pgs_no_icon_link"><span class="fas fa-redo"></span> Reset view</span>
           </h3>
 
           <div class="trait_graph_container">

curation_tracker/admin.py

@@ -627,29 +627,6 @@ def import_csv(self, request):
         return render(
             request, "curation_tracker/csv_form.html", payload
         )
-
-    @method_decorator(permission_required('curation_tracker.add_curationpublicationannotation', raise_exception=True))
-    def import_litsuggest_to_table(self,request):
-        '''Deprecated'''
-        if request.method == "POST":
-            litsuggest_file = request.FILES["litsuggest_file"]
-            models = litsuggest_fileupload_to_annotation_imports(litsuggest_file)
-
-            preview_data = list(map(annotation_import_to_dict,models))
-            request.session['preview_data'] = preview_data
-
-            return render(
-                request, "curation_tracker/litsuggest_preview_table.html", {
-                    'annotations': preview_data,
-                    'form': LitsuggestPreviewTableForm()
-                }
-            )
-
-        form = LitsuggestImportForm()
-        payload = {"form": form}
-        return render(
-            request, "curation_tracker/litsuggest_form.html", payload
-        )
 
     @method_decorator(permission_required('curation_tracker.add_curationpublicationannotation', raise_exception=True))
     def import_litsuggest(self,request):

curation_tracker/static/curation_tracker/pgs_admin.js

@@ -0,0 +1,9 @@
+document.addEventListener('DOMContentLoaded', function() {
+    // Add history.back() function to all cancel buttons
+    const cancelButtons = document.querySelectorAll('.pgs-admin-cancel');
+    cancelButtons.forEach(function(button) {
+        button.addEventListener('click', function() {
+            history.back();
+        });
+    });
+});

curation_tracker/static/curation_tracker/pgs_edit_curation_annotation_addon.js

@@ -138,6 +138,7 @@ function requestAuthorData(){
         console.error(error);
         alert('Error: '+error.statusText);
     })
+    return false;
 }
 
 $(document).ready(function(){
@@ -159,4 +160,7 @@ $(document).ready(function(){
 
     // Adding toggle AuthorSub suffix function
     $('#id_author_submission').click(toggleAuthorSub);
+
+    // Request Author Data button
+    $('#request_author_data_button').click(requestAuthorData);
 })

curation_tracker/templates/curation_tracker/litsuggest_base.html

@@ -0,0 +1,8 @@
+{% extends 'admin/base.html' %}
+{% load static %}
+
+{% block extrahead %}
+  {{ block.super }}
+  <script src="{% static 'curation_tracker/pgs_admin.js' %}"></script>
+  <link rel="stylesheet" href="{% static 'curation_tracker/pgs_admin.css' %}">
+{% endblock %}

curation_tracker/templates/curation_tracker/litsuggest_form.html

@@ -1,4 +1,4 @@
-{% extends 'admin/base.html' %}
+{% extends 'curation_tracker/litsuggest_base.html' %}
 
 {% block content %}
   <div id="content-main">
@@ -11,7 +11,7 @@ <h2 style="margin-bottom:1rem">LitSuggest file upload</h2>
           {% csrf_token %}
           <div class="submit-row" style="margin-bottom: 20px">
             <input type="submit" value="Preview" class="default" style="float:left; margin-right: 5px">
-            <input class="button" type="button" onclick="history.back()" value="Cancel" />
+            <input class="button pgs-admin-cancel" type="button" value="Cancel" />
           </div>
         </form>
       </div>

curation_tracker/templates/curation_tracker/litsuggest_preview_form.html

@@ -1,9 +1,4 @@
-{% extends 'admin/base.html' %}
-{% load static %}
-
-{% block extrahead %}{{ block.super }}
-<link rel="stylesheet" href="{% static 'curation_tracker/pgs_admin.css' %}">
-{% endblock %}
+{% extends 'curation_tracker/litsuggest_base.html' %}
 
 {% block content %}
   <div id="content-main">
@@ -16,7 +11,7 @@ <h2 style="margin-bottom:1rem">LitSuggest file upload</h2>
           {% csrf_token %}
           <div class="submit-row">
             <input type="submit" value="Confirm" class="default" style="float:left; font-weight: bold; margin-right: 5px">
-            <input class="button" type="button" onclick="history.back()" value="Cancel" />
+            <input class="button pgs-admin-cancel" type="button" value="Cancel" />
           </div>
           <div class="help">(Studies with errors and tagged as 'Not PGS' won't be imported)</div>
       </div>
@@ -58,7 +53,7 @@ <h2>Import Preview:</h2>
       </div>
       <div class="submit-row">
         <input type="submit" value="Confirm" class="default" style="float:left; font-weight: bold; margin-right: 5px">
-        <input class="button" type="button" onclick="history.back()" value="Cancel" />
+        <input class="button pgs-admin-cancel" type="button" value="Cancel" />
       </div>
       <div class="help">(Studies with errors and tagged as 'Not PGS' won't be imported)</div>
       {% if skipped_publications %}

curation_tracker/templates/curation_tracker/publication_change_form.html

@@ -10,8 +10,7 @@
 
 {% block object-tools-items %}
     {% if perms.curation_tracker.change_curationpublicationannotation %}
-    <li><a href="" class="historylink" onclick="requestAuthorData(); return false;">Request Author Data</a></li>
+    <li><a id="request_author_data_button" href="" class="historylink">Request Author Data</a></li>
     {% endif %}
     {{ block.super }}
 {% endblock %}
-

pgs_web/settings.py

@@ -163,7 +163,8 @@ def get_base_url(full_url):
                 get_base_url(STYLES_URLS['ebi']))
 # connect-src
 CSP_CONNECT_SRC = ("'self'",
-                   USEFUL_URLS['EBI_URL'])
+                   USEFUL_URLS['EBI_URL'],
+                   USEFUL_URLS['PGS_WEBSITE_URL'])
 
 # Live middleware
 if PGS_ON_LIVE_SITE: