Merge pull request #395 from Pet-projects-CodePET/refactor/requests_a…

…nd_serializers refactor: Все вернул назад, плюс разрешил теги
Pet-projects-CodePET · Jan 5, 2025 · 9635e7f · 9635e7f
2 parents 04ae0d3 + 592b067
commit 9635e7f
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 10 deletions.
diff --git a/src/backend/api/v1/profile/constants.py b/src/backend/api/v1/profile/constants.py
@@ -1 +1,17 @@
 PROFILES_PAGE_SIZE = 7
+ALLOWED_TAGS_BY_FRONT = [
+    "ol",
+    "ul",
+    "li",
+    "em",
+    "strong",
+    "u",
+    "br",
+    "p",
+    "span",
+    # разрешенные теги котоыре не нужно очищать
+]
+ALLOWED_ATTRIBUTES_BY_FRONT = {
+    "span": ["class", "style", "contenteditable"],
+    # разрещенные атрибуты.
+}
diff --git a/src/backend/api/v1/profile/serializers.py b/src/backend/api/v1/profile/serializers.py
@@ -1,4 +1,4 @@
-# import html
+import html
 from typing import ClassVar, Optional
 
 import bleach
@@ -14,6 +14,10 @@
     ProfessionSerializer,
     SkillSerializer,
 )
+from api.v1.profile.constants import (
+    ALLOWED_ATTRIBUTES_BY_FRONT,
+    ALLOWED_TAGS_BY_FRONT,
+)
 from apps.general.constants import MAX_SKILLS, MAX_SKILLS_MESSAGE
 from apps.general.models import Profession
 from apps.profile.constants import MAX_SPECIALISTS, MAX_SPECIALISTS_MESSAGE
@@ -233,10 +237,10 @@ class Meta(BaseProfileSerializer.Meta):
         )
         read_only_fields = fields
 
-    # def to_representation(self, instance):
-    #     rep = super().to_representation(instance)
-    #     rep["about"] = html.unescape(rep["about"])
-    #     return rep
+    def to_representation(self, instance):
+        rep = super().to_representation(instance)
+        rep["about"] = html.unescape(rep["about"])
+        return rep
 
 
 class ProfileMeWriteSerializer(ProfileMeReadSerializer):
@@ -265,5 +269,9 @@ def validate_about(self, value):
         HTML-тегов и атрибутов.
         """
 
-        safe_about = bleach.clean(value)
+        safe_about = bleach.clean(
+            value,
+            tags=ALLOWED_TAGS_BY_FRONT,
+            attributes=ALLOWED_ATTRIBUTES_BY_FRONT,
+        )
         return safe_about
diff --git a/src/backend/api/v1/projects/serializers.py b/src/backend/api/v1/projects/serializers.py
@@ -563,10 +563,10 @@ class Meta(BaseParticipationRequestSerializer.Meta):
         )
         read_only_field = ("request_participants",)
 
-        # def to_representation(self, instance):
-        #     rep = super().to_representation(instance)
-        #     rep["cover_letter"] = instance.cover_letter
-        #     return rep
+        def to_representation(self, instance):
+            rep = super().to_representation(instance)
+            rep["cover_letter"] = instance.cover_letter
+            return rep
 
     def get_request_status(self, obj) -> str:
         """Метод получения статуса запроса."""