1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: cgi_client.py,v 1.161 2002-08-19 00:21:10 richard Exp $
20 __doc__ = """
21 WWW request handler (also used in the stand-alone server).
22 """
24 import os, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
25 import binascii, Cookie, time, random
27 import roundupdb, htmltemplate, date, hyperdb, password
28 from roundup.i18n import _
30 class Unauthorised(ValueError):
31 pass
33 class NotFound(ValueError):
34 pass
36 def initialiseSecurity(security):
37 ''' Create some Permissions and Roles on the security object
39 This function is directly invoked by security.Security.__init__()
40 as a part of the Security object instantiation.
41 '''
42 security.addPermission(name="Web Registration",
43 description="User may register through the web")
44 p = security.addPermission(name="Web Access",
45 description="User may access the web interface")
46 security.addPermissionToRole('Admin', p)
48 # doing Role stuff through the web - make sure Admin can
49 p = security.addPermission(name="Web Roles",
50 description="User may manipulate user Roles through the web")
51 security.addPermissionToRole('Admin', p)
53 class Client:
54 '''
55 A note about login
56 ------------------
58 If the user has no login cookie, then they are anonymous. There
59 are two levels of anonymous use. If there is no 'anonymous' user, there
60 is no login at all and the database is opened in read-only mode. If the
61 'anonymous' user exists, the user is logged in using that user (though
62 there is no cookie). This allows them to modify the database, and all
63 modifications are attributed to the 'anonymous' user.
65 Once a user logs in, they are assigned a session. The Client instance
66 keeps the nodeid of the session as the "session" attribute.
67 '''
69 def __init__(self, instance, request, env, form=None):
70 hyperdb.traceMark()
71 self.instance = instance
72 self.request = request
73 self.env = env
74 self.path = env['PATH_INFO']
75 self.split_path = self.path.split('/')
76 self.instance_path_name = env['INSTANCE_NAME']
77 url = self.env['SCRIPT_NAME'] + '/'
78 machine = self.env['SERVER_NAME']
79 port = self.env['SERVER_PORT']
80 if port != '80': machine = machine + ':' + port
81 self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
82 None, None, None))
84 if form is None:
85 self.form = cgi.FieldStorage(environ=env)
86 else:
87 self.form = form
88 self.headers_done = 0
89 try:
90 self.debug = int(env.get("ROUNDUP_DEBUG", 0))
91 except ValueError:
92 # someone gave us a non-int debug level, turn it off
93 self.debug = 0
95 def getuid(self):
96 try:
97 return self.db.user.lookup(self.user)
98 except KeyError:
99 if self.user is None:
100 # user is not logged in and username 'anonymous' doesn't
101 # exist in the database
102 err = _('anonymous users have read-only access only')
103 else:
104 err = _("sanity check: unknown user name `%s'")%self.user
105 raise Unauthorised, errmsg
107 def header(self, headers=None, response=200):
108 '''Put up the appropriate header.
109 '''
110 if headers is None:
111 headers = {'Content-Type':'text/html'}
112 if not headers.has_key('Content-Type'):
113 headers['Content-Type'] = 'text/html'
114 self.request.send_response(response)
115 for entry in headers.items():
116 self.request.send_header(*entry)
117 self.request.end_headers()
118 self.headers_done = 1
119 if self.debug:
120 self.headers_sent = headers
122 global_javascript = '''
123 <script language="javascript">
124 submitted = false;
125 function submit_once() {
126 if (submitted) {
127 alert("Your request is being processed.\\nPlease be patient.");
128 return 0;
129 }
130 submitted = true;
131 return 1;
132 }
134 function help_window(helpurl, width, height) {
135 HelpWin = window.open('%(base)s%(instance_path_name)s/' + helpurl, 'RoundupHelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width);
136 }
138 </script>
139 '''
140 def make_index_link(self, name):
141 '''Turn a configuration entry into a hyperlink...
142 '''
143 # get the link label and spec
144 spec = getattr(self.instance, name+'_INDEX')
146 d = {}
147 d[':sort'] = ','.join(map(urllib.quote, spec['SORT']))
148 d[':group'] = ','.join(map(urllib.quote, spec['GROUP']))
149 d[':filter'] = ','.join(map(urllib.quote, spec['FILTER']))
150 d[':columns'] = ','.join(map(urllib.quote, spec['COLUMNS']))
151 d[':pagesize'] = spec.get('PAGESIZE','50')
153 # snarf the filterspec
154 filterspec = spec['FILTERSPEC'].copy()
156 # now format the filterspec
157 for k, l in filterspec.items():
158 # fix up the CURRENT USER if needed (handle None too since that's
159 # the old flag value)
160 if l in (None, 'CURRENT USER'):
161 if not self.user:
162 continue
163 l = [self.db.user.lookup(self.user)]
165 # add
166 d[urllib.quote(k)] = ','.join(map(urllib.quote, l))
168 # finally, format the URL
169 return '<a href="%s?%s">%s</a>'%(spec['CLASS'],
170 '&'.join([k+'='+v for k,v in d.items()]), spec['LABEL'])
173 def pagehead(self, title, message=None):
174 '''Display the page heading, with information about the tracker and
175 links to more information
176 '''
178 # include any important message
179 if message is not None:
180 message = _('<div class="system-msg">%(message)s</div>')%locals()
181 else:
182 message = ''
184 # style sheet (CSS)
185 style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
187 # figure who the user is
188 user_name = self.user
189 userid = self.db.user.lookup(user_name)
190 default_queries = 1
191 links = []
192 if user_name != 'anonymous':
193 try:
194 default_queries = self.db.user.get(userid, 'defaultqueries')
195 except KeyError:
196 pass
198 # figure all the header links
199 if default_queries:
200 if hasattr(self.instance, 'HEADER_INDEX_LINKS'):
201 for name in self.instance.HEADER_INDEX_LINKS:
202 spec = getattr(self.instance, name + '_INDEX')
203 # skip if we need to fill in the logged-in user id and
204 # we're anonymous
205 if (spec['FILTERSPEC'].has_key('assignedto') and
206 spec['FILTERSPEC']['assignedto'] in ('CURRENT USER',
207 None) and user_name == 'anonymous'):
208 continue
209 links.append(self.make_index_link(name))
210 else:
211 # no config spec - hard-code
212 links = [
213 _('All <a href="issue?status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>'),
214 _('Unassigned <a href="issue?assignedto=-1&status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status,assignedto&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>')
215 ]
217 user_info = _('<a href="login">Login</a>')
218 add_links = ''
219 if user_name != 'anonymous':
220 # add any personal queries to the menu
221 try:
222 queries = self.db.getclass('query')
223 except KeyError:
224 # no query class
225 queries = self.instance.dbinit.Class(self.db, "query",
226 klass=hyperdb.String(), name=hyperdb.String(),
227 url=hyperdb.String())
228 queries.setkey('name')
229 #queries.disableJournalling()
230 try:
231 qids = self.db.getclass('user').get(userid, 'queries')
232 except KeyError, e:
233 #self.db.getclass('user').addprop(queries=hyperdb.Multilink('query'))
234 qids = []
235 for qid in qids:
236 links.append('<a href=%s?%s>%s</a>'%(queries.get(qid, 'klass'),
237 queries.get(qid, 'url'), queries.get(qid, 'name')))
239 # if they're logged in, include links to their information,
240 # and the ability to add an issue
241 user_info = _('''
242 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
243 ''')%locals()
245 # figure the "add class" links
246 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
247 classes = self.instance.HEADER_ADD_LINKS
248 else:
249 classes = ['issue']
250 l = []
251 for class_name in classes:
252 # make sure the user has permission to add
253 if not self.db.security.hasPermission('Edit', userid, class_name):
254 continue
255 cap_class = class_name.capitalize()
256 links.append(_('Add <a href="new%(class_name)s">'
257 '%(cap_class)s</a>')%locals())
259 # if the user can edit everything, include the links
260 admin_links = ''
261 userid = self.db.user.lookup(user_name)
262 if self.db.security.hasPermission('Edit', userid):
263 links.append(_('<a href="list_classes">Class List</a>'))
264 links.append(_('<a href="user?:sort=username&:group=roles">User List</a>'))
265 links.append(_('<a href="newuser">Add User</a>'))
267 # add the search links
268 if hasattr(self.instance, 'HEADER_SEARCH_LINKS'):
269 classes = self.instance.HEADER_SEARCH_LINKS
270 else:
271 classes = ['issue']
272 l = []
273 for class_name in classes:
274 # make sure the user has permission to view
275 if not self.db.security.hasPermission('View', userid, class_name):
276 continue
277 cap_class = class_name.capitalize()
278 links.append(_('Search <a href="search%(class_name)s">'
279 '%(cap_class)s</a>')%locals())
281 # now we have all the links, join 'em
282 links = '\n | '.join(links)
284 # include the javascript bit
285 global_javascript = self.global_javascript%self.__dict__
287 # finally, format the header
288 self.write(_('''<html><head>
289 <title>%(title)s</title>
290 <style type="text/css">%(style)s</style>
291 </head>
292 %(global_javascript)s
293 <body bgcolor=#ffffff>
294 %(message)s
295 <table width=100%% border=0 cellspacing=0 cellpadding=2>
296 <tr class="location-bar">
297 <td><big><strong>%(title)s</strong></big></td>
298 <td align=right valign=bottom>%(user_name)s</td>
299 </tr>
300 <tr class="location-bar">
301 <td align=left>%(links)s</td>
302 <td align=right>%(user_info)s</td>
303 </tr>
304 </table><br>
305 ''')%locals())
307 def pagefoot(self):
308 if self.debug:
309 self.write(_('<hr><small><dl><dt><b>Path</b></dt>'))
310 self.write('<dd>%s</dd>'%(', '.join(map(repr, self.split_path))))
311 keys = self.form.keys()
312 keys.sort()
313 if keys:
314 self.write(_('<dt><b>Form entries</b></dt>'))
315 for k in self.form.keys():
316 v = self.form.getvalue(k, "<empty>")
317 if type(v) is type([]):
318 # Multiple username fields specified
319 v = "|".join(v)
320 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
321 keys = self.headers_sent.keys()
322 keys.sort()
323 self.write(_('<dt><b>Sent these HTTP headers</b></dt>'))
324 for k in keys:
325 v = self.headers_sent[k]
326 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
327 keys = self.env.keys()
328 keys.sort()
329 self.write(_('<dt><b>CGI environment</b></dt>'))
330 for k in keys:
331 v = self.env[k]
332 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
333 self.write('</dl></small>')
334 self.write('</body></html>')
336 def write(self, content):
337 if not self.headers_done:
338 self.header()
339 self.request.wfile.write(content)
341 def index_arg(self, arg):
342 ''' handle the args to index - they might be a list from the form
343 (ie. submitted from a form) or they might be a command-separated
344 single string (ie. manually constructed GET args)
345 '''
346 if self.form.has_key(arg):
347 arg = self.form[arg]
348 if type(arg) == type([]):
349 return [arg.value for arg in arg]
350 return arg.value.split(',')
351 return []
353 def index_sort(self):
354 # first try query string / simple form
355 x = self.index_arg(':sort')
356 if x:
357 if self.index_arg(':descending'):
358 return ['-'+x[0]]
359 return x
360 # nope - get the specs out of the form
361 specs = []
362 for colnm in self.db.getclass(self.classname).getprops().keys():
363 desc = ''
364 try:
365 spec = self.form[':%s_ss' % colnm]
366 except KeyError:
367 continue
368 spec = spec.value
369 if spec:
370 if spec[-1] == '-':
371 desc='-'
372 spec = spec[0]
373 specs.append((int(spec), colnm, desc))
374 specs.sort()
375 x = []
376 for _, colnm, desc in specs:
377 x.append('%s%s' % (desc, colnm))
378 return x
380 def index_filterspec(self, filter, classname=None):
381 ''' pull the index filter spec from the form
383 Links and multilinks want to be lists - the rest are straight
384 strings.
385 '''
386 if classname is None:
387 classname = self.classname
388 klass = self.db.getclass(classname)
389 filterspec = {}
390 props = klass.getprops()
391 for colnm in filter:
392 widget = ':%s_fs' % colnm
393 try:
394 val = self.form[widget]
395 except KeyError:
396 try:
397 val = self.form[colnm]
398 except KeyError:
399 # they checked the filter box but didn't enter a value
400 continue
401 propdescr = props.get(colnm, None)
402 if propdescr is None:
403 print "huh? %r is in filter & form, but not in Class!" % colnm
404 raise "butthead programmer"
405 if (isinstance(propdescr, hyperdb.Link) or
406 isinstance(propdescr, hyperdb.Multilink)):
407 if type(val) == type([]):
408 val = [arg.value for arg in val]
409 else:
410 val = val.value.split(',')
411 l = filterspec.get(colnm, [])
412 l = l + val
413 filterspec[colnm] = l
414 else:
415 filterspec[colnm] = val.value
417 return filterspec
419 def customization_widget(self):
420 ''' The customization widget is visible by default. The widget
421 visibility is remembered by show_customization. Visibility
422 is not toggled if the action value is "Redisplay"
423 '''
424 if not self.form.has_key('show_customization'):
425 visible = 1
426 else:
427 visible = int(self.form['show_customization'].value)
428 if self.form.has_key('action'):
429 if self.form['action'].value != 'Redisplay':
430 visible = self.form['action'].value == '+'
432 return visible
434 # TODO: make this go away some day...
435 default_index_sort = ['-activity']
436 default_index_group = ['priority']
437 default_index_filter = ['status']
438 default_index_columns = ['id','activity','title','status','assignedto']
439 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
440 default_pagesize = '50'
442 def _get_customisation_info(self):
443 # see if the web has supplied us with any customisation info
444 for key in ':sort', ':group', ':filter', ':columns', ':pagesize':
445 if self.form.has_key(key):
446 # make list() extract the info from the CGI environ
447 self.classname = 'issue'
448 sort = group = filter = columns = filterspec = pagesize = None
449 break
450 else:
451 # TODO: look up the session first
452 # try the instance config first
453 if hasattr(self.instance, 'DEFAULT_INDEX'):
454 d = self.instance.DEFAULT_INDEX
455 self.classname = d['CLASS']
456 sort = d['SORT']
457 group = d['GROUP']
458 filter = d['FILTER']
459 columns = d['COLUMNS']
460 filterspec = d['FILTERSPEC']
461 pagesize = d.get('PAGESIZE', '50')
462 else:
463 # nope - fall back on the old way of doing it
464 self.classname = 'issue'
465 sort = self.default_index_sort
466 group = self.default_index_group
467 filter = self.default_index_filter
468 columns = self.default_index_columns
469 filterspec = self.default_index_filterspec
470 pagesize = self.default_pagesize
471 return columns, filter, group, sort, filterspec, pagesize
473 def index(self):
474 ''' put up an index - no class specified
475 '''
476 columns, filter, group, sort, filterspec, pagesize = \
477 self._get_customisation_info()
478 return self.list(columns=columns, filter=filter, group=group,
479 sort=sort, filterspec=filterspec, pagesize=pagesize)
481 def searchnode(self):
482 columns, filter, group, sort, filterspec, pagesize = \
483 self._get_customisation_info()
484 cn = self.classname
485 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
486 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
487 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
488 self.write('<form onSubmit="return submit_once()" action="%s">\n'%self.classname)
489 all_columns = self.db.getclass(cn).getprops().keys()
490 all_columns.sort()
491 index.filter_section('', filter, columns, group, all_columns, sort,
492 filterspec, pagesize, 0, 0)
493 self.pagefoot()
495 # XXX deviates from spec - loses the '+' (that's a reserved character
496 # in URLS
497 def list(self, sort=None, group=None, filter=None, columns=None,
498 filterspec=None, show_customization=None, show_nodes=1,
499 pagesize=None):
500 ''' call the template index with the args
502 :sort - sort by prop name, optionally preceeded with '-'
503 to give descending or nothing for ascending sorting.
504 :group - group by prop name, optionally preceeded with '-' or
505 to sort in descending or nothing for ascending order.
506 :filter - selects which props should be displayed in the filter
507 section. Default is all.
508 :columns - selects the columns that should be displayed.
509 Default is all.
511 '''
512 cn = self.classname
513 cl = self.db.classes[cn]
514 if sort is None: sort = self.index_sort()
515 if group is None: group = self.index_arg(':group')
516 if filter is None: filter = self.index_arg(':filter')
517 if columns is None: columns = self.index_arg(':columns')
518 if filterspec is None: filterspec = self.index_filterspec(filter)
519 if show_customization is None:
520 show_customization = self.customization_widget()
521 if self.form.has_key('search_text'):
522 search_text = self.form['search_text'].value
523 else:
524 search_text = ''
525 if pagesize is None:
526 if self.form.has_key(':pagesize'):
527 pagesize = self.form[':pagesize'].value
528 else:
529 pagesize = '50'
530 pagesize = int(pagesize)
531 if self.form.has_key(':startwith'):
532 startwith = int(self.form[':startwith'].value)
533 else:
534 startwith = 0
535 simpleform = 1
536 if self.form.has_key(':advancedsearch'):
537 simpleform = 0
539 if self.form.has_key('Query') and self.form['Query'].value == 'Save':
540 # format a query string
541 qd = {}
542 qd[':sort'] = ','.join(map(urllib.quote, sort))
543 qd[':group'] = ','.join(map(urllib.quote, group))
544 qd[':filter'] = ','.join(map(urllib.quote, filter))
545 qd[':columns'] = ','.join(map(urllib.quote, columns))
546 for k, l in filterspec.items():
547 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
548 url = '&'.join([k+'='+v for k,v in qd.items()])
549 url += '&:pagesize=%s' % pagesize
550 if search_text:
551 url += '&search_text=%s' % search_text
553 # create a query
554 d = {}
555 d['name'] = nm = self.form[':name'].value
556 if not nm:
557 d['name'] = nm = 'New Query'
558 d['klass'] = self.form[':classname'].value
559 d['url'] = url
560 qid = self.db.getclass('query').create(**d)
562 # and add it to the user's query multilink
563 uid = self.getuid()
564 usercl = self.db.getclass('user')
565 queries = usercl.get(uid, 'queries')
566 queries.append(qid)
567 usercl.set(uid, queries=queries)
569 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
570 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
572 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
573 try:
574 index.render(filterspec=filterspec, search_text=search_text,
575 filter=filter, columns=columns, sort=sort, group=group,
576 show_customization=show_customization,
577 show_nodes=show_nodes, pagesize=pagesize, startwith=startwith,
578 simple_search=simpleform)
579 except htmltemplate.MissingTemplateError:
580 self.basicClassEditPage()
581 self.pagefoot()
583 def basicClassEditPage(self):
584 '''Display a basic edit page that allows simple editing of the
585 nodes of the current class
586 '''
587 userid = self.db.user.lookup(self.user)
588 if not self.db.security.hasPermission('Edit', userid):
589 raise Unauthorised, _("You do not have permission to access"\
590 " %(action)s.")%{'action': self.classname}
591 w = self.write
592 cn = self.classname
593 cl = self.db.classes[cn]
594 idlessprops = cl.getprops(protected=0).keys()
595 props = ['id'] + idlessprops
597 # get the CSV module
598 try:
599 import csv
600 except ImportError:
601 w(_('Sorry, you need the csv module to use this function.<br>\n'
602 'Get it from: <a href="http://www.object-craft.com.au/projects/csv/">http://www.object-craft.com.au/projects/csv/'))
603 return
605 # do the edit
606 if self.form.has_key('rows'):
607 rows = self.form['rows'].value.splitlines()
608 p = csv.parser()
609 found = {}
610 line = 0
611 for row in rows:
612 line += 1
613 values = p.parse(row)
614 # not a complete row, keep going
615 if not values: continue
617 # extract the nodeid
618 nodeid, values = values[0], values[1:]
619 found[nodeid] = 1
621 # confirm correct weight
622 if len(idlessprops) != len(values):
623 w(_('Not enough values on line %(line)s'%{'line':line}))
624 return
626 # extract the new values
627 d = {}
628 for name, value in zip(idlessprops, values):
629 value = value.strip()
630 # only add the property if it has a value
631 if value:
632 # if it's a multilink, split it
633 if isinstance(cl.properties[name], hyperdb.Multilink):
634 value = value.split(':')
635 d[name] = value
637 # perform the edit
638 if cl.hasnode(nodeid):
639 # edit existing
640 cl.set(nodeid, **d)
641 else:
642 # new node
643 found[cl.create(**d)] = 1
645 # retire the removed entries
646 for nodeid in cl.list():
647 if not found.has_key(nodeid):
648 cl.retire(nodeid)
650 w(_('''<p class="form-help">You may edit the contents of the
651 "%(classname)s" class using this form. Commas, newlines and double
652 quotes (") must be handled delicately. You may include commas and
653 newlines by enclosing the values in double-quotes ("). Double
654 quotes themselves must be quoted by doubling ("").</p>
655 <p class="form-help">Multilink properties have their multiple
656 values colon (":") separated (... ,"one:two:three", ...)</p>
657 <p class="form-help">Remove entries by deleting their line. Add
658 new entries by appending
659 them to the table - put an X in the id column.</p>''')%{'classname':cn})
661 l = []
662 for name in props:
663 l.append(name)
664 w('<tt>')
665 w(', '.join(l) + '\n')
666 w('</tt>')
668 w('<form onSubmit="return submit_once()" method="POST">')
669 w('<textarea name="rows" cols=80 rows=15>')
670 p = csv.parser()
671 for nodeid in cl.list():
672 l = []
673 for name in props:
674 value = cl.get(nodeid, name)
675 if value is None:
676 l.append('')
677 elif isinstance(value, type([])):
678 l.append(cgi.escape(':'.join(map(str, value))))
679 else:
680 l.append(cgi.escape(str(cl.get(nodeid, name))))
681 w(p.join(l) + '\n')
683 w(_('</textarea><br><input type="submit" value="Save Changes"></form>'))
685 def classhelp(self):
686 '''Display a table of class info
687 '''
688 w = self.write
689 cn = self.form['classname'].value
690 cl = self.db.classes[cn]
691 props = self.form['properties'].value.split(',')
692 if cl.labelprop(1) in props:
693 sort = [cl.labelprop(1)]
694 else:
695 sort = props[0]
697 w('<table border=1 cellspacing=0 cellpaddin=2>')
698 w('<tr>')
699 for name in props:
700 w('<th align=left>%s</th>'%name)
701 w('</tr>')
702 for nodeid in cl.filter(None, {}, sort, []):
703 w('<tr>')
704 for name in props:
705 value = cgi.escape(str(cl.get(nodeid, name)))
706 w('<td align="left" valign="top">%s</td>'%value)
707 w('</tr>')
708 w('</table>')
710 def shownode(self, message=None, num_re=re.compile('^\d+$')):
711 ''' display an item
712 '''
713 cn = self.classname
714 cl = self.db.classes[cn]
715 keys = self.form.keys()
716 fromremove = 0
717 if self.form.has_key(':multilink'):
718 # is the multilink there because we came from remove()?
719 if self.form.has_key(':target'):
720 xtra = ''
721 fromremove = 1
722 message = _('%s removed' % self.index_arg(":target")[0])
723 else:
724 link = self.form[':multilink'].value
725 designator, linkprop = link.split(':')
726 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
727 else:
728 xtra = ''
730 # possibly perform an edit
731 # don't try to set properties if the user has just logged in
732 if keys and not fromremove and not self.form.has_key('__login_name'):
733 try:
734 userid = self.db.user.lookup(self.user)
735 if not self.db.security.hasPermission('Edit', userid, cn):
736 message = _('You do not have permission to edit %s' %cn)
737 else:
738 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
739 # make changes to the node
740 props = self._changenode(props)
741 # handle linked nodes
742 self._post_editnode(self.nodeid)
743 # and some nice feedback for the user
744 if props:
745 message = _('%(changes)s edited ok')%{'changes':
746 ', '.join(props.keys())}
747 elif self.form.has_key('__note') and self.form['__note'].value:
748 message = _('note added')
749 elif (self.form.has_key('__file') and
750 self.form['__file'].filename):
751 message = _('file added')
752 else:
753 message = _('nothing changed')
754 except:
755 self.db.rollback()
756 s = StringIO.StringIO()
757 traceback.print_exc(None, s)
758 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
760 # now the display
761 id = self.nodeid
762 if cl.getkey():
763 id = cl.get(id, cl.getkey())
764 self.pagehead('%s: %s %s'%(self.classname.capitalize(), id, xtra),
765 message)
767 nodeid = self.nodeid
769 # use the template to display the item
770 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
771 self.classname)
772 item.render(nodeid)
774 self.pagefoot()
775 showissue = shownode
776 showmsg = shownode
777 searchissue = searchnode
779 def showquery(self):
780 queries = self.db.getclass(self.classname)
781 if self.form.keys():
782 sort = self.index_sort()
783 group = self.index_arg(':group')
784 filter = self.index_arg(':filter')
785 columns = self.index_arg(':columns')
786 filterspec = self.index_filterspec(filter, queries.get(self.nodeid, 'klass'))
787 if self.form.has_key('search_text'):
788 search_text = self.form['search_text'].value
789 search_text = urllib.quote(search_text)
790 else:
791 search_text = ''
792 if self.form.has_key(':pagesize'):
793 pagesize = int(self.form[':pagesize'].value)
794 else:
795 pagesize = 50
796 # format a query string
797 qd = {}
798 qd[':sort'] = ','.join(map(urllib.quote, sort))
799 qd[':group'] = ','.join(map(urllib.quote, group))
800 qd[':filter'] = ','.join(map(urllib.quote, filter))
801 qd[':columns'] = ','.join(map(urllib.quote, columns))
802 for k, l in filterspec.items():
803 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
804 url = '&'.join([k+'='+v for k,v in qd.items()])
805 url += '&:pagesize=%s' % pagesize
806 if search_text:
807 url += '&search_text=%s' % search_text
808 if url != queries.get(self.nodeid, 'url'):
809 queries.set(self.nodeid, url=url)
810 message = _('url edited ok')
811 else:
812 message = _('nothing changed')
813 else:
814 message = None
815 nm = queries.get(self.nodeid, 'name')
816 self.pagehead('%s: %s'%(self.classname.capitalize(), nm), message)
818 # use the template to display the item
819 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
820 self.classname)
821 item.render(self.nodeid)
822 self.pagefoot()
824 def _changenode(self, props):
825 ''' change the node based on the contents of the form
826 '''
827 cl = self.db.classes[self.classname]
829 # create the message
830 message, files = self._handle_message()
831 if message:
832 props['messages'] = cl.get(self.nodeid, 'messages') + [message]
833 if files:
834 props['files'] = cl.get(self.nodeid, 'files') + files
836 # make the changes
837 return cl.set(self.nodeid, **props)
839 def _createnode(self):
840 ''' create a node based on the contents of the form
841 '''
842 cl = self.db.classes[self.classname]
843 props = parsePropsFromForm(self.db, cl, self.form)
845 # check for messages and files
846 message, files = self._handle_message()
847 if message:
848 props['messages'] = [message]
849 if files:
850 props['files'] = files
851 # create the node and return it's id
852 return cl.create(**props)
854 def _handle_message(self):
855 ''' generate an edit message
856 '''
857 # handle file attachments
858 files = []
859 if self.form.has_key('__file'):
860 file = self.form['__file']
861 if file.filename:
862 filename = file.filename.split('\\')[-1]
863 mime_type = mimetypes.guess_type(filename)[0]
864 if not mime_type:
865 mime_type = "application/octet-stream"
866 # create the new file entry
867 files.append(self.db.file.create(type=mime_type,
868 name=filename, content=file.file.read()))
870 # we don't want to do a message if none of the following is true...
871 cn = self.classname
872 cl = self.db.classes[self.classname]
873 props = cl.getprops()
874 note = None
875 # in a nutshell, don't do anything if there's no note or there's no
876 # NOSY
877 if self.form.has_key('__note'):
878 note = self.form['__note'].value.strip()
879 if not note:
880 return None, files
881 if not props.has_key('messages'):
882 return None, files
883 if not isinstance(props['messages'], hyperdb.Multilink):
884 return None, files
885 if not props['messages'].classname == 'msg':
886 return None, files
887 if not (self.form.has_key('nosy') or note):
888 return None, files
890 # handle the note
891 if '\n' in note:
892 summary = re.split(r'\n\r?', note)[0]
893 else:
894 summary = note
895 m = ['%s\n'%note]
897 # handle the messageid
898 # TODO: handle inreplyto
899 messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
900 self.classname, self.instance.MAIL_DOMAIN)
902 # now create the message, attaching the files
903 content = '\n'.join(m)
904 message_id = self.db.msg.create(author=self.getuid(),
905 recipients=[], date=date.Date('.'), summary=summary,
906 content=content, files=files, messageid=messageid)
908 # update the messages property
909 return message_id, files
911 def _post_editnode(self, nid):
912 '''Do the linking part of the node creation.
914 If a form element has :link or :multilink appended to it, its
915 value specifies a node designator and the property on that node
916 to add _this_ node to as a link or multilink.
918 This is typically used on, eg. the file upload page to indicated
919 which issue to link the file to.
921 TODO: I suspect that this and newfile will go away now that
922 there's the ability to upload a file using the issue __file form
923 element!
924 '''
925 cn = self.classname
926 cl = self.db.classes[cn]
927 # link if necessary
928 keys = self.form.keys()
929 for key in keys:
930 if key == ':multilink':
931 value = self.form[key].value
932 if type(value) != type([]): value = [value]
933 for value in value:
934 designator, property = value.split(':')
935 link, nodeid = hyperdb.splitDesignator(designator)
936 link = self.db.classes[link]
937 # take a dupe of the list so we're not changing the cache
938 value = link.get(nodeid, property)[:]
939 value.append(nid)
940 link.set(nodeid, **{property: value})
941 elif key == ':link':
942 value = self.form[key].value
943 if type(value) != type([]): value = [value]
944 for value in value:
945 designator, property = value.split(':')
946 link, nodeid = hyperdb.splitDesignator(designator)
947 link = self.db.classes[link]
948 link.set(nodeid, **{property: nid})
950 def newnode(self, message=None):
951 ''' Add a new node to the database.
953 The form works in two modes: blank form and submission (that is,
954 the submission goes to the same URL). **Eventually this means that
955 the form will have previously entered information in it if
956 submission fails.
958 The new node will be created with the properties specified in the
959 form submission. For multilinks, multiple form entries are handled,
960 as are prop=value,value,value. You can't mix them though.
962 If the new node is to be referenced from somewhere else immediately
963 (ie. the new node is a file that is to be attached to a support
964 issue) then supply one of these arguments in addition to the usual
965 form entries:
966 :link=designator:property
967 :multilink=designator:property
968 ... which means that once the new node is created, the "property"
969 on the node given by "designator" should now reference the new
970 node's id. The node id will be appended to the multilink.
971 '''
972 cn = self.classname
973 userid = self.db.user.lookup(self.user)
974 if not self.db.security.hasPermission('View', userid, cn):
975 raise Unauthorised, _("You do not have permission to access"\
976 " %(action)s.")%{'action': self.classname}
977 cl = self.db.classes[cn]
978 if self.form.has_key(':multilink'):
979 link = self.form[':multilink'].value
980 designator, linkprop = link.split(':')
981 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
982 else:
983 xtra = ''
985 # possibly perform a create
986 keys = self.form.keys()
987 if [i for i in keys if i[0] != ':']:
988 # no dice if you can't edit!
989 if not self.db.security.hasPermission('Edit', userid, cn):
990 raise Unauthorised, _("You do not have permission to access"\
991 " %(action)s.")%{'action': 'new'+self.classname}
992 props = {}
993 try:
994 nid = self._createnode()
995 # handle linked nodes
996 self._post_editnode(nid)
997 # and some nice feedback for the user
998 message = _('%(classname)s created ok')%{'classname': cn}
1000 # render the newly created issue
1001 self.db.commit()
1002 self.nodeid = nid
1003 self.pagehead('%s: %s'%(self.classname.capitalize(), nid),
1004 message)
1005 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
1006 self.classname)
1007 item.render(nid)
1008 self.pagefoot()
1009 return
1010 except:
1011 self.db.rollback()
1012 s = StringIO.StringIO()
1013 traceback.print_exc(None, s)
1014 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1015 self.pagehead(_('New %(classname)s %(xtra)s')%{
1016 'classname': self.classname.capitalize(),
1017 'xtra': xtra }, message)
1019 # call the template
1020 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1021 self.classname)
1022 newitem.render(self.form)
1024 self.pagefoot()
1025 newissue = newnode
1027 def newuser(self, message=None):
1028 ''' Add a new user to the database.
1030 Don't do any of the message or file handling, just create the node.
1031 '''
1032 userid = self.db.user.lookup(self.user)
1033 if not self.db.security.hasPermission('Edit', userid, 'user'):
1034 raise Unauthorised, _("You do not have permission to access"\
1035 " %(action)s.")%{'action': 'newuser'}
1037 cn = self.classname
1038 cl = self.db.classes[cn]
1040 # possibly perform a create
1041 keys = self.form.keys()
1042 if [i for i in keys if i[0] != ':']:
1043 try:
1044 props = parsePropsFromForm(self.db, cl, self.form)
1045 nid = cl.create(**props)
1046 # handle linked nodes
1047 self._post_editnode(nid)
1048 # and some nice feedback for the user
1049 message = _('%(classname)s created ok')%{'classname': cn}
1050 except:
1051 self.db.rollback()
1052 s = StringIO.StringIO()
1053 traceback.print_exc(None, s)
1054 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1055 self.pagehead(_('New %(classname)s')%{'classname':
1056 self.classname.capitalize()}, message)
1058 # call the template
1059 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1060 self.classname)
1061 newitem.render(self.form)
1063 self.pagefoot()
1065 def newfile(self, message=None):
1066 ''' Add a new file to the database.
1068 This form works very much the same way as newnode - it just has a
1069 file upload.
1070 '''
1071 userid = self.db.user.lookup(self.user)
1072 if not self.db.security.hasPermission('Edit', userid, 'file'):
1073 raise Unauthorised, _("You do not have permission to access"\
1074 " %(action)s.")%{'action': 'newfile'}
1075 cn = self.classname
1076 cl = self.db.classes[cn]
1077 props = parsePropsFromForm(self.db, cl, self.form)
1078 if self.form.has_key(':multilink'):
1079 link = self.form[':multilink'].value
1080 designator, linkprop = link.split(':')
1081 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
1082 else:
1083 xtra = ''
1085 # possibly perform a create
1086 keys = self.form.keys()
1087 if [i for i in keys if i[0] != ':']:
1088 try:
1089 file = self.form['content']
1090 mime_type = mimetypes.guess_type(file.filename)[0]
1091 if not mime_type:
1092 mime_type = "application/octet-stream"
1093 # save the file
1094 props['type'] = mime_type
1095 props['name'] = file.filename
1096 props['content'] = file.file.read()
1097 nid = cl.create(**props)
1098 # handle linked nodes
1099 self._post_editnode(nid)
1100 # and some nice feedback for the user
1101 message = _('%(classname)s created ok')%{'classname': cn}
1102 except:
1103 self.db.rollback()
1104 s = StringIO.StringIO()
1105 traceback.print_exc(None, s)
1106 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1108 self.pagehead(_('New %(classname)s %(xtra)s')%{
1109 'classname': self.classname.capitalize(),
1110 'xtra': xtra }, message)
1111 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1112 self.classname)
1113 newitem.render(self.form)
1114 self.pagefoot()
1116 def showuser(self, message=None, num_re=re.compile('^\d+$')):
1117 '''Display a user page for editing. Make sure the user is allowed
1118 to edit this node, and also check for password changes.
1120 Note: permission checks for this node are handled in the template.
1121 '''
1122 user = self.db.user
1124 # get the username of the node being edited
1125 try:
1126 node_user = user.get(self.nodeid, 'username')
1127 except IndexError:
1128 raise NotFound, 'user%s'%self.nodeid
1130 #
1131 # perform any editing
1132 #
1133 keys = self.form.keys()
1134 if keys:
1135 try:
1136 props = parsePropsFromForm(self.db, user, self.form,
1137 self.nodeid)
1138 set_cookie = 0
1139 if props.has_key('password'):
1140 password = self.form['password'].value.strip()
1141 if not password:
1142 # no password was supplied - don't change it
1143 del props['password']
1144 elif self.nodeid == self.getuid():
1145 # this is the logged-in user's password
1146 set_cookie = password
1147 user.set(self.nodeid, **props)
1148 # and some feedback for the user
1149 message = _('%(changes)s edited ok')%{'changes':
1150 ', '.join(props.keys())}
1151 except:
1152 self.db.rollback()
1153 s = StringIO.StringIO()
1154 traceback.print_exc(None, s)
1155 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1156 else:
1157 set_cookie = 0
1159 # fix the cookie if the password has changed
1160 if set_cookie:
1161 self.set_cookie(self.user, set_cookie)
1163 #
1164 # now the display
1165 #
1166 self.pagehead(_('User: %(user)s')%{'user': node_user}, message)
1168 # use the template to display the item
1169 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES, 'user')
1170 item.render(self.nodeid)
1171 self.pagefoot()
1173 def showfile(self):
1174 ''' display a file
1175 '''
1176 # nothing in xtrapath - edit the file's metadata
1177 if self.xtrapath is None:
1178 return self.shownode()
1180 # something in xtrapath - download the file
1181 nodeid = self.nodeid
1182 cl = self.db.classes[self.classname]
1183 try:
1184 mime_type = cl.get(nodeid, 'type')
1185 except IndexError:
1186 raise NotFound, 'file%s'%nodeid
1187 if mime_type == 'message/rfc822':
1188 mime_type = 'text/plain'
1189 self.header(headers={'Content-Type': mime_type})
1190 self.write(cl.get(nodeid, 'content'))
1192 def permission(self):
1193 '''
1194 '''
1196 def classes(self, message=None):
1197 ''' display a list of all the classes in the database
1198 '''
1199 userid = self.db.user.lookup(self.user)
1200 if not self.db.security.hasPermission('Edit', userid):
1201 raise Unauthorised, _("You do not have permission to access"\
1202 " %(action)s.")%{'action': 'all classes'}
1204 self.pagehead(_('Table of classes'), message)
1205 classnames = self.db.classes.keys()
1206 classnames.sort()
1207 self.write('<table border=0 cellspacing=0 cellpadding=2>\n')
1208 for cn in classnames:
1209 cl = self.db.getclass(cn)
1210 self.write('<tr class="list-header"><th colspan=2 align=left>'
1211 '<a href="%s">%s</a></th></tr>'%(cn, cn.capitalize()))
1212 for key, value in cl.properties.items():
1213 if value is None: value = ''
1214 else: value = str(value)
1215 self.write('<tr><th align=left>%s</th><td>%s</td></tr>'%(
1216 key, cgi.escape(value)))
1217 self.write('</table>')
1218 self.pagefoot()
1220 def unauthorised(self, message):
1221 ''' The user is not authorised to do something. If they're
1222 anonymous, throw up a login box. If not, just tell them they
1223 can't do whatever it was they were trying to do.
1225 Bot cases print up the message, which is most likely the
1226 argument to the Unauthorised exception.
1227 '''
1228 self.header(response=403)
1229 if self.desired_action is None or self.desired_action == 'login':
1230 if not message:
1231 message=_("You do not have permission.")
1232 action = 'index'
1233 else:
1234 if not message:
1235 message=_("You do not have permission to access"\
1236 " %(action)s.")%{'action': self.desired_action}
1237 action = self.desired_action
1238 if self.user == 'anonymous':
1239 self.login(action=action, message=message)
1240 else:
1241 self.pagehead(_('Not Authorised'))
1242 self.write('<p class="system-msg">%s</p>'%message)
1243 self.pagefoot()
1245 def login(self, message=None, newuser_form=None, action='index'):
1246 '''Display a login page.
1247 '''
1248 self.pagehead(_('Login to roundup'))
1249 if message:
1250 self.write('<p class="system-msg">%s</p>'%message)
1251 self.write(_('''
1252 <table>
1253 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
1254 <form onSubmit="return submit_once()" action="login_action" method=POST>
1255 <input type="hidden" name="__destination_url" value="%(action)s">
1256 <tr><td align=right>Login name: </td>
1257 <td><input name="__login_name"></td></tr>
1258 <tr><td align=right>Password: </td>
1259 <td><input type="password" name="__login_password"></td></tr>
1260 <tr><td></td>
1261 <td><input type="submit" value="Log In"></td></tr>
1262 </form>
1263 ''')%locals())
1264 userid = self.db.user.lookup(self.user)
1265 if not self.db.security.hasPermission('Web Registration', userid):
1266 self.write('</table>')
1267 self.pagefoot()
1268 return
1269 values = {'realname': '', 'organisation': '', 'address': '',
1270 'phone': '', 'username': '', 'password': '', 'confirm': '',
1271 'action': action, 'alternate_addresses': ''}
1272 if newuser_form is not None:
1273 for key in newuser_form.keys():
1274 values[key] = newuser_form[key].value
1275 self.write(_('''
1276 <p>
1277 <tr><td colspan=2 class="strong-header">New User Registration</td></tr>
1278 <tr><td colspan=2><em>marked items</em> are optional...</td></tr>
1279 <form onSubmit="return submit_once()" action="newuser_action" method=POST>
1280 <input type="hidden" name="__destination_url" value="%(action)s">
1281 <tr><td align=right><em>Name: </em></td>
1282 <td><input name="realname" value="%(realname)s" size=40></td></tr>
1283 <tr><td align=right><em>Organisation: </em></td>
1284 <td><input name="organisation" value="%(organisation)s" size=40></td></tr>
1285 <tr><td align=right>E-Mail Address: </td>
1286 <td><input name="address" value="%(address)s" size=40></td></tr>
1287 <tr><td align=right><em>Alternate E-mail Addresses: </em></td>
1288 <td><textarea name="alternate_addresses" rows=5 cols=40>%(alternate_addresses)s</textarea></td></tr>
1289 <tr><td align=right><em>Phone: </em></td>
1290 <td><input name="phone" value="%(phone)s"></td></tr>
1291 <tr><td align=right>Preferred Login name: </td>
1292 <td><input name="username" value="%(username)s"></td></tr>
1293 <tr><td align=right>Password: </td>
1294 <td><input type="password" name="password" value="%(password)s"></td></tr>
1295 <tr><td align=right>Password Again: </td>
1296 <td><input type="password" name="confirm" value="%(confirm)s"></td></tr>
1297 <tr><td></td>
1298 <td><input type="submit" value="Register"></td></tr>
1299 </form>
1300 </table>
1301 ''')%values)
1302 self.pagefoot()
1304 def login_action(self, message=None):
1305 '''Attempt to log a user in and set the cookie
1307 returns 0 if a page is generated as a result of this call, and
1308 1 if not (ie. the login is successful
1309 '''
1310 if not self.form.has_key('__login_name'):
1311 self.login(message=_('Username required'))
1312 return 0
1313 self.user = self.form['__login_name'].value
1314 # re-open the database for real, using the user
1315 self.opendb(self.user)
1316 if self.form.has_key('__login_password'):
1317 password = self.form['__login_password'].value
1318 else:
1319 password = ''
1320 # make sure the user exists
1321 try:
1322 uid = self.db.user.lookup(self.user)
1323 except KeyError:
1324 name = self.user
1325 self.make_user_anonymous()
1326 action = self.form['__destination_url'].value
1327 self.login(message=_('No such user "%(name)s"')%locals(),
1328 action=action)
1329 return 0
1331 # and that the password is correct
1332 pw = self.db.user.get(uid, 'password')
1333 if password != pw:
1334 self.make_user_anonymous()
1335 action = self.form['__destination_url'].value
1336 self.login(message=_('Incorrect password'), action=action)
1337 return 0
1339 self.set_cookie(self.user, password)
1340 return 1
1342 def newuser_action(self, message=None):
1343 '''Attempt to create a new user based on the contents of the form
1344 and then set the cookie.
1346 return 1 on successful login
1347 '''
1348 # make sure we're allowed to register
1349 userid = self.db.user.lookup(self.user)
1350 if not self.db.security.hasPermission('Web Registration', userid):
1351 raise Unauthorised, _("You do not have permission to access"\
1352 " %(action)s.")%{'action': 'registration'}
1354 # re-open the database as "admin"
1355 if self.user != 'admin':
1356 self.opendb('admin')
1358 # create the new user
1359 cl = self.db.user
1360 try:
1361 props = parsePropsFromForm(self.db, cl, self.form)
1362 props['roles'] = self.instance.NEW_WEB_USER_ROLES
1363 uid = cl.create(**props)
1364 self.db.commit()
1365 except ValueError, message:
1366 action = self.form['__destination_url'].value
1367 self.login(message, action=action)
1368 return 0
1370 # log the new user in
1371 self.user = cl.get(uid, 'username')
1372 # re-open the database for real, using the user
1373 self.opendb(self.user)
1374 password = cl.get(uid, 'password')
1375 self.set_cookie(self.user, password)
1376 return 1
1378 def set_cookie(self, user, password):
1379 # TODO generate a much, much stronger session key ;)
1380 self.session = binascii.b2a_base64(repr(time.time())).strip()
1382 # clean up the base64
1383 if self.session[-1] == '=':
1384 if self.session[-2] == '=':
1385 self.session = self.session[:-2]
1386 else:
1387 self.session = self.session[:-1]
1389 # insert the session in the sessiondb
1390 self.db.sessions.set(self.session, user=user, last_use=time.time())
1392 # and commit immediately
1393 self.db.sessions.commit()
1395 # expire us in a long, long time
1396 expire = Cookie._getdate(86400*365)
1398 # generate the cookie path - make sure it has a trailing '/'
1399 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1400 ''))
1401 self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;'%(
1402 self.session, expire, path)})
1404 def make_user_anonymous(self):
1405 ''' Make us anonymous
1407 This method used to handle non-existence of the 'anonymous'
1408 user, but that user is mandatory now.
1409 '''
1410 self.db.user.lookup('anonymous')
1411 self.user = 'anonymous'
1413 def logout(self, message=None):
1414 ''' Make us really anonymous - nuke the cookie too
1415 '''
1416 self.make_user_anonymous()
1418 # construct the logout cookie
1419 now = Cookie._getdate()
1420 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1421 ''))
1422 self.header({'Set-Cookie':
1423 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
1424 path)})
1425 self.login()
1427 def opendb(self, user):
1428 ''' Open the database - but include the definition of the sessions db.
1429 '''
1430 # open the db if the user has changed
1431 if not hasattr(self, 'db') or user != self.db.journaltag:
1432 self.db = self.instance.open(user)
1434 def main(self):
1435 ''' Wrap the request and handle unauthorised requests
1436 '''
1437 self.desired_action = None
1438 try:
1439 self.main_action()
1440 except Unauthorised, message:
1441 self.unauthorised(message)
1443 def main_action(self):
1444 '''Wrap the database accesses so we can close the database cleanly
1445 '''
1446 # determine the uid to use
1447 self.opendb('admin')
1449 # make sure we have the session Class
1450 sessions = self.db.sessions
1452 # age sessions, remove when they haven't been used for a week
1453 # TODO: this shouldn't be done every access
1454 week = 60*60*24*7
1455 now = time.time()
1456 for sessid in sessions.list():
1457 interval = now - sessions.get(sessid, 'last_use')
1458 if interval > week:
1459 sessions.destroy(sessid)
1461 # look up the user session cookie
1462 cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
1463 user = 'anonymous'
1465 if (cookie.has_key('roundup_user') and
1466 cookie['roundup_user'].value != 'deleted'):
1468 # get the session key from the cookie
1469 self.session = cookie['roundup_user'].value
1470 # get the user from the session
1471 try:
1472 # update the lifetime datestamp
1473 sessions.set(self.session, last_use=time.time())
1474 sessions.commit()
1475 user = sessions.get(self.session, 'user')
1476 except KeyError:
1477 user = 'anonymous'
1479 # sanity check on the user still being valid
1480 try:
1481 self.db.user.lookup(user)
1482 except (KeyError, TypeError):
1483 user = 'anonymous'
1485 # make sure the anonymous user is valid if we're using it
1486 if user == 'anonymous':
1487 self.make_user_anonymous()
1488 else:
1489 self.user = user
1491 # now figure which function to call
1492 path = self.split_path
1493 self.xtrapath = None
1495 # default action to index if the path has no information in it
1496 if not path or path[0] in ('', 'index'):
1497 action = 'index'
1498 else:
1499 action = path[0]
1500 if len(path) > 1:
1501 self.xtrapath = path[1:]
1502 self.desired_action = action
1504 # everyone is allowed to try to log in
1505 if action == 'login_action':
1506 # try to login
1507 if not self.login_action():
1508 return
1509 # figure the resulting page
1510 action = self.form['__destination_url'].value
1512 # allow anonymous people to register
1513 elif action == 'newuser_action':
1514 # try to add the user
1515 if not self.newuser_action():
1516 return
1517 # figure the resulting page
1518 action = self.form['__destination_url'].value
1520 # ok, now we have figured out who the user is, make sure the user
1521 # has permission to use this interface
1522 userid = self.db.user.lookup(self.user)
1523 if not self.db.security.hasPermission('Web Access', userid):
1524 raise Unauthorised, \
1525 _("You do not have permission to access this interface.")
1527 # re-open the database for real, using the user
1528 self.opendb(self.user)
1530 # make sure we have a sane action
1531 if not action:
1532 action = 'index'
1534 # just a regular action
1535 try:
1536 self.do_action(action)
1537 except Unauthorised, message:
1538 # if unauth is raised here, then a page header will have
1539 # been displayed
1540 self.write('<p class="system-msg">%s</p>'%message)
1541 else:
1542 # commit all changes to the database
1543 self.db.commit()
1545 def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
1546 nre=re.compile(r'new(\w+)'), sre=re.compile(r'search(\w+)')):
1547 '''Figure the user's action and do it.
1548 '''
1549 # here be the "normal" functionality
1550 if action == 'index':
1551 self.index()
1552 return
1553 if action == 'list_classes':
1554 self.classes()
1555 return
1556 if action == 'classhelp':
1557 self.classhelp()
1558 return
1559 if action == 'login':
1560 self.login()
1561 return
1562 if action == 'logout':
1563 self.logout()
1564 return
1565 if action == 'remove':
1566 self.remove()
1567 return
1569 # see if we're to display an existing node
1570 m = dre.match(action)
1571 if m:
1572 self.classname = m.group(1)
1573 self.nodeid = m.group(2)
1574 try:
1575 cl = self.db.classes[self.classname]
1576 except KeyError:
1577 raise NotFound, self.classname
1578 try:
1579 cl.get(self.nodeid, 'id')
1580 except IndexError:
1581 raise NotFound, self.nodeid
1582 try:
1583 func = getattr(self, 'show%s'%self.classname)
1584 except AttributeError:
1585 raise NotFound, 'show%s'%self.classname
1586 func()
1587 return
1589 # see if we're to put up the new node page
1590 m = nre.match(action)
1591 if m:
1592 self.classname = m.group(1)
1593 try:
1594 func = getattr(self, 'new%s'%self.classname)
1595 except AttributeError:
1596 raise NotFound, 'new%s'%self.classname
1597 func()
1598 return
1600 # see if we're to put up the new node page
1601 m = sre.match(action)
1602 if m:
1603 self.classname = m.group(1)
1604 try:
1605 func = getattr(self, 'search%s'%self.classname)
1606 except AttributeError:
1607 raise NotFound
1608 func()
1609 return
1611 # otherwise, display the named class
1612 self.classname = action
1613 try:
1614 self.db.getclass(self.classname)
1615 except KeyError:
1616 raise NotFound, self.classname
1617 self.list()
1619 def remove(self, dre=re.compile(r'([^\d]+)(\d+)')):
1620 target = self.index_arg(':target')[0]
1621 m = dre.match(target)
1622 if m:
1623 classname = m.group(1)
1624 nodeid = m.group(2)
1625 cl = self.db.getclass(classname)
1626 cl.retire(nodeid)
1627 # now take care of the reference
1628 parentref = self.index_arg(':multilink')[0]
1629 parent, prop = parentref.split(':')
1630 m = dre.match(parent)
1631 if m:
1632 self.classname = m.group(1)
1633 self.nodeid = m.group(2)
1634 cl = self.db.getclass(self.classname)
1635 value = cl.get(self.nodeid, prop)
1636 value.remove(nodeid)
1637 cl.set(self.nodeid, **{prop:value})
1638 func = getattr(self, 'show%s'%self.classname)
1639 return func()
1640 else:
1641 raise NotFound, parent
1642 else:
1643 raise NotFound, target
1645 class ExtendedClient(Client):
1646 '''Includes pages and page heading information that relate to the
1647 extended schema.
1648 '''
1649 showsupport = Client.shownode
1650 showtimelog = Client.shownode
1651 newsupport = Client.newnode
1652 newtimelog = Client.newnode
1653 searchsupport = Client.searchnode
1655 default_index_sort = ['-activity']
1656 default_index_group = ['priority']
1657 default_index_filter = ['status']
1658 default_index_columns = ['activity','status','title','assignedto']
1659 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
1660 default_pagesize = '50'
1662 def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
1663 '''Pull properties for the given class out of the form.
1664 '''
1665 props = {}
1666 keys = form.keys()
1667 for key in keys:
1668 if not cl.properties.has_key(key):
1669 continue
1670 proptype = cl.properties[key]
1671 if isinstance(proptype, hyperdb.String):
1672 value = form[key].value.strip()
1673 elif isinstance(proptype, hyperdb.Password):
1674 value = password.Password(form[key].value.strip())
1675 elif isinstance(proptype, hyperdb.Date):
1676 value = form[key].value.strip()
1677 if value:
1678 value = date.Date(form[key].value.strip())
1679 else:
1680 value = None
1681 elif isinstance(proptype, hyperdb.Interval):
1682 value = form[key].value.strip()
1683 if value:
1684 value = date.Interval(form[key].value.strip())
1685 else:
1686 value = None
1687 elif isinstance(proptype, hyperdb.Link):
1688 value = form[key].value.strip()
1689 # see if it's the "no selection" choice
1690 if value == '-1':
1691 value = None
1692 else:
1693 # handle key values
1694 link = cl.properties[key].classname
1695 if not num_re.match(value):
1696 try:
1697 value = db.classes[link].lookup(value)
1698 except KeyError:
1699 raise ValueError, _('property "%(propname)s": '
1700 '%(value)s not a %(classname)s')%{'propname':key,
1701 'value': value, 'classname': link}
1702 elif isinstance(proptype, hyperdb.Multilink):
1703 value = form[key]
1704 if hasattr(value, 'value'):
1705 # Quite likely to be a FormItem instance
1706 value = value.value
1707 if not isinstance(value, type([])):
1708 value = [i.strip() for i in value.split(',')]
1709 else:
1710 value = [i.strip() for i in value]
1711 link = cl.properties[key].classname
1712 l = []
1713 for entry in map(str, value):
1714 if entry == '': continue
1715 if not num_re.match(entry):
1716 try:
1717 entry = db.classes[link].lookup(entry)
1718 except KeyError:
1719 raise ValueError, _('property "%(propname)s": '
1720 '"%(value)s" not an entry of %(classname)s')%{
1721 'propname':key, 'value': entry, 'classname': link}
1722 l.append(entry)
1723 l.sort()
1724 value = l
1725 elif isinstance(proptype, hyperdb.Boolean):
1726 value = form[key].value.strip()
1727 props[key] = value = value.lower() in ('yes', 'true', 'on', '1')
1728 elif isinstance(proptype, hyperdb.Number):
1729 value = form[key].value.strip()
1730 props[key] = value = int(value)
1732 # get the old value
1733 if nodeid:
1734 try:
1735 existing = cl.get(nodeid, key)
1736 except KeyError:
1737 # this might be a new property for which there is no existing
1738 # value
1739 if not cl.properties.has_key(key): raise
1741 # if changed, set it
1742 if value != existing:
1743 props[key] = value
1744 else:
1745 props[key] = value
1746 return props
1748 #
1749 # $Log: not supported by cvs2svn $
1750 # Revision 1.160 2002/08/19 00:20:34 richard
1751 # grant web access to admin ;)
1752 #
1753 # Revision 1.159 2002/08/16 04:29:41 richard
1754 # bugfix
1755 #
1756 # Revision 1.158 2002/08/15 00:40:10 richard
1757 # cleanup
1758 #
1759 # Revision 1.157 2002/08/13 20:16:09 gmcm
1760 # Use a real parser for templates.
1761 # Rewrite htmltemplate to use the parser (hack, hack).
1762 # Move the "do_XXX" methods to template_funcs.py.
1763 # Redo the funcion tests (but not Template tests - they're hopeless).
1764 # Simplified query form in cgi_client.
1765 # Ability to delete msgs, files, queries.
1766 # Ability to edit the metadata on files.
1767 #
1768 # Revision 1.156 2002/08/01 15:06:06 gmcm
1769 # Use same regex to split search terms as used to index text.
1770 # Fix to back_metakit for not changing journaltag on reopen.
1771 # Fix htmltemplate's do_link so [No <whatever>] strings are href'd.
1772 # Fix bogus "nosy edited ok" msg - the **d syntax does NOT share d between caller and callee.
1773 #
1774 # Revision 1.155 2002/08/01 00:56:22 richard
1775 # Added the web access and email access permissions, so people can restrict
1776 # access to users who register through the email interface (for example).
1777 # Also added "security" command to the roundup-admin interface to display the
1778 # Role/Permission config for an instance.
1779 #
1780 # Revision 1.154 2002/07/31 23:57:36 richard
1781 # . web forms may now unset Link values (like assignedto)
1782 #
1783 # Revision 1.153 2002/07/31 22:40:50 gmcm
1784 # Fixes to the search form and saving queries.
1785 # Fixes to sorting in back_metakit.py.
1786 #
1787 # Revision 1.152 2002/07/31 22:04:14 richard
1788 # cleanup
1789 #
1790 # Revision 1.151 2002/07/30 21:37:43 richard
1791 # oops, thanks Duncan Booth for spotting this one
1792 #
1793 # Revision 1.150 2002/07/30 20:43:18 gmcm
1794 # Oops, fix the permission check!
1795 #
1796 # Revision 1.149 2002/07/30 20:04:38 gmcm
1797 # Adapt metakit backend to new security scheme.
1798 # Put some more permission checks in cgi_client.
1799 #
1800 # Revision 1.148 2002/07/30 16:09:11 gmcm
1801 # Simple optimization.
1802 #
1803 # Revision 1.147 2002/07/30 08:22:38 richard
1804 # Session storage in the hyperdb was horribly, horribly inefficient. We use
1805 # a simple anydbm wrapper now - which could be overridden by the metakit
1806 # backend or RDB backend if necessary.
1807 # Much, much better.
1808 #
1809 # Revision 1.146 2002/07/30 05:27:30 richard
1810 # nicer error messages, and a bugfix
1811 #
1812 # Revision 1.145 2002/07/26 08:26:59 richard
1813 # Very close now. The cgi and mailgw now use the new security API. The two
1814 # templates have been migrated to that setup. Lots of unit tests. Still some
1815 # issue in the web form for editing Roles assigned to users.
1816 #
1817 # Revision 1.144 2002/07/25 07:14:05 richard
1818 # Bugger it. Here's the current shape of the new security implementation.
1819 # Still to do:
1820 # . call the security funcs from cgi and mailgw
1821 # . change shipped templates to include correct initialisation and remove
1822 # the old config vars
1823 # ... that seems like a lot. The bulk of the work has been done though. Honest :)
1824 #
1825 # Revision 1.143 2002/07/20 19:29:10 gmcm
1826 # Fixes/improvements to the search form & saved queries.
1827 #
1828 # Revision 1.142 2002/07/18 11:17:30 gmcm
1829 # Add Number and Boolean types to hyperdb.
1830 # Add conversion cases to web, mail & admin interfaces.
1831 # Add storage/serialization cases to back_anydbm & back_metakit.
1832 #
1833 # Revision 1.141 2002/07/17 12:39:10 gmcm
1834 # Saving, running & editing queries.
1835 #
1836 # Revision 1.140 2002/07/14 23:17:15 richard
1837 # cleaned up structure
1838 #
1839 # Revision 1.139 2002/07/14 06:14:40 richard
1840 # Some more TODOs
1841 #
1842 # Revision 1.138 2002/07/14 04:03:13 richard
1843 # Implemented a switch to disable journalling for a Class. CGI session
1844 # database now uses it.
1845 #
1846 # Revision 1.137 2002/07/10 07:00:30 richard
1847 # removed debugging
1848 #
1849 # Revision 1.136 2002/07/10 06:51:08 richard
1850 # . #576241 ] MultiLink problems in parsePropsFromForm
1851 #
1852 # Revision 1.135 2002/07/10 00:22:34 richard
1853 # . switched to using a session-based web login
1854 #
1855 # Revision 1.134 2002/07/09 04:19:09 richard
1856 # Added reindex command to roundup-admin.
1857 # Fixed reindex on first access.
1858 # Also fixed reindexing of entries that change.
1859 #
1860 # Revision 1.133 2002/07/08 15:32:05 gmcm
1861 # Pagination of index pages.
1862 # New search form.
1863 #
1864 # Revision 1.132 2002/07/08 07:26:14 richard
1865 # ehem
1866 #
1867 # Revision 1.131 2002/07/08 06:53:57 richard
1868 # Not sure why the cgi_client had an indexer argument.
1869 #
1870 # Revision 1.130 2002/06/27 12:01:53 gmcm
1871 # If the form has a :multilink, put a back href in the pageheader (back to the linked-to node).
1872 # Some minor optimizations (only compile regexes once).
1873 #
1874 # Revision 1.129 2002/06/20 23:52:11 richard
1875 # Better handling of unauth attempt to edit stuff
1876 #
1877 # Revision 1.128 2002/06/12 21:28:25 gmcm
1878 # Allow form to set user-properties on a Fileclass.
1879 # Don't assume that a Fileclass is named "files".
1880 #
1881 # Revision 1.127 2002/06/11 06:38:24 richard
1882 # . #565996 ] The "Attach a File to this Issue" fails
1883 #
1884 # Revision 1.126 2002/05/29 01:16:17 richard
1885 # Sorry about this huge checkin! It's fixing a lot of related stuff in one go
1886 # though.
1887 #
1888 # . #541941 ] changing multilink properties by mail
1889 # . #526730 ] search for messages capability
1890 # . #505180 ] split MailGW.handle_Message
1891 # - also changed cgi client since it was duplicating the functionality
1892 # . build htmlbase if tests are run using CVS checkout (removed note from
1893 # installation.txt)
1894 # . don't create an empty message on email issue creation if the email is empty
1895 #
1896 # Revision 1.125 2002/05/25 07:16:24 rochecompaan
1897 # Merged search_indexing-branch with HEAD
1898 #
1899 # Revision 1.124 2002/05/24 02:09:24 richard
1900 # Nothing like a live demo to show up the bugs ;)
1901 #
1902 # Revision 1.123 2002/05/22 05:04:13 richard
1903 # Oops
1904 #
1905 # Revision 1.122 2002/05/22 04:12:05 richard
1906 # . applied patch #558876 ] cgi client customization
1907 # ... with significant additions and modifications ;)
1908 # - extended handling of ML assignedto to all places it's handled
1909 # - added more NotFound info
1910 #
1911 # Revision 1.121 2002/05/21 06:08:10 richard
1912 # Handle migration
1913 #
1914 # Revision 1.120 2002/05/21 06:05:53 richard
1915 # . #551483 ] assignedto in Client.make_index_link
1916 #
1917 # Revision 1.119 2002/05/15 06:21:21 richard
1918 # . node caching now works, and gives a small boost in performance
1919 #
1920 # As a part of this, I cleaned up the DEBUG output and implemented TRACE
1921 # output (HYPERDBTRACE='file to trace to') with checkpoints at the start of
1922 # CGI requests. Run roundup with python -O to skip all the DEBUG/TRACE stuff
1923 # (using if __debug__ which is compiled out with -O)
1924 #
1925 # Revision 1.118 2002/05/12 23:46:33 richard
1926 # ehem, part 2
1927 #
1928 # Revision 1.117 2002/05/12 23:42:29 richard
1929 # ehem
1930 #
1931 # Revision 1.116 2002/05/02 08:07:49 richard
1932 # Added the ADD_AUTHOR_TO_NOSY handling to the CGI interface.
1933 #
1934 # Revision 1.115 2002/04/02 01:56:10 richard
1935 # . stop sending blank (whitespace-only) notes
1936 #
1937 # Revision 1.114.2.4 2002/05/02 11:49:18 rochecompaan
1938 # Allow customization of the search filters that should be displayed
1939 # on the search page.
1940 #
1941 # Revision 1.114.2.3 2002/04/20 13:23:31 rochecompaan
1942 # We now have a separate search page for nodes. Search links for
1943 # different classes can be customized in instance_config similar to
1944 # index links.
1945 #
1946 # Revision 1.114.2.2 2002/04/19 19:54:42 rochecompaan
1947 # cgi_client.py
1948 # removed search link for the time being
1949 # moved rendering of matches to htmltemplate
1950 # hyperdb.py
1951 # filtering of nodes on full text search incorporated in filter method
1952 # roundupdb.py
1953 # added paramater to call of filter method
1954 # roundup_indexer.py
1955 # added search method to RoundupIndexer class
1956 #
1957 # Revision 1.114.2.1 2002/04/03 11:55:57 rochecompaan
1958 # . Added feature #526730 - search for messages capability
1959 #
1960 # Revision 1.114 2002/03/17 23:06:05 richard
1961 # oops
1962 #
1963 # Revision 1.113 2002/03/14 23:59:24 richard
1964 # . #517734 ] web header customisation is obscure
1965 #
1966 # Revision 1.112 2002/03/12 22:52:26 richard
1967 # more pychecker warnings removed
1968 #
1969 # Revision 1.111 2002/02/25 04:32:21 richard
1970 # ahem
1971 #
1972 # Revision 1.110 2002/02/21 07:19:08 richard
1973 # ... and label, width and height control for extra flavour!
1974 #
1975 # Revision 1.109 2002/02/21 07:08:19 richard
1976 # oops
1977 #
1978 # Revision 1.108 2002/02/21 07:02:54 richard
1979 # The correct var is "HTTP_HOST"
1980 #
1981 # Revision 1.107 2002/02/21 06:57:38 richard
1982 # . Added popup help for classes using the classhelp html template function.
1983 # - add <display call="classhelp('priority', 'id,name,description')">
1984 # to an item page, and it generates a link to a popup window which displays
1985 # the id, name and description for the priority class. The description
1986 # field won't exist in most installations, but it will be added to the
1987 # default templates.
1988 #
1989 # Revision 1.106 2002/02/21 06:23:00 richard
1990 # *** empty log message ***
1991 #
1992 # Revision 1.105 2002/02/20 05:52:10 richard
1993 # better error handling
1994 #
1995 # Revision 1.104 2002/02/20 05:45:17 richard
1996 # Use the csv module for generating the form entry so it's correct.
1997 # [also noted the sf.net feature request id in the change log]
1998 #
1999 # Revision 1.103 2002/02/20 05:05:28 richard
2000 # . Added simple editing for classes that don't define a templated interface.
2001 # - access using the admin "class list" interface
2002 # - limited to admin-only
2003 # - requires the csv module from object-craft (url given if it's missing)
2004 #
2005 # Revision 1.102 2002/02/15 07:08:44 richard
2006 # . Alternate email addresses are now available for users. See the MIGRATION
2007 # file for info on how to activate the feature.
2008 #
2009 # Revision 1.101 2002/02/14 23:39:18 richard
2010 # . All forms now have "double-submit" protection when Javascript is enabled
2011 # on the client-side.
2012 #
2013 # Revision 1.100 2002/01/16 07:02:57 richard
2014 # . lots of date/interval related changes:
2015 # - more relaxed date format for input
2016 #
2017 # Revision 1.99 2002/01/16 03:02:42 richard
2018 # #503793 ] changing assignedto resets nosy list
2019 #
2020 # Revision 1.98 2002/01/14 02:20:14 richard
2021 # . changed all config accesses so they access either the instance or the
2022 # config attriubute on the db. This means that all config is obtained from
2023 # instance_config instead of the mish-mash of classes. This will make
2024 # switching to a ConfigParser setup easier too, I hope.
2025 #
2026 # At a minimum, this makes migration a _little_ easier (a lot easier in the
2027 # 0.5.0 switch, I hope!)
2028 #
2029 # Revision 1.97 2002/01/11 23:22:29 richard
2030 # . #502437 ] rogue reactor and unittest
2031 # in short, the nosy reactor was modifying the nosy list. That code had
2032 # been there for a long time, and I suspsect it was there because we
2033 # weren't generating the nosy list correctly in other places of the code.
2034 # We're now doing that, so the nosy-modifying code can go away from the
2035 # nosy reactor.
2036 #
2037 # Revision 1.96 2002/01/10 05:26:10 richard
2038 # missed a parsePropsFromForm in last update
2039 #
2040 # Revision 1.95 2002/01/10 03:39:45 richard
2041 # . fixed some problems with web editing and change detection
2042 #
2043 # Revision 1.94 2002/01/09 13:54:21 grubert
2044 # _add_assignedto_to_nosy did set nosy to assignedto only, no adding.
2045 #
2046 # Revision 1.93 2002/01/08 11:57:12 richard
2047 # crying out for real configuration handling... :(
2048 #
2049 # Revision 1.92 2002/01/08 04:12:05 richard
2050 # Changed message-id format to "<%s.%s.%s%s@%s>" so it complies with RFC822
2051 #
2052 # Revision 1.91 2002/01/08 04:03:47 richard
2053 # I mucked the intent of the code up.
2054 #
2055 # Revision 1.90 2002/01/08 03:56:55 richard
2056 # Oops, missed this before the beta:
2057 # . #495392 ] empty nosy -patch
2058 #
2059 # Revision 1.89 2002/01/07 20:24:45 richard
2060 # *mutter* stupid cutnpaste
2061 #
2062 # Revision 1.88 2002/01/02 02:31:38 richard
2063 # Sorry for the huge checkin message - I was only intending to implement #496356
2064 # but I found a number of places where things had been broken by transactions:
2065 # . modified ROUNDUPDBSENDMAILDEBUG to be SENDMAILDEBUG and hold a filename
2066 # for _all_ roundup-generated smtp messages to be sent to.
2067 # . the transaction cache had broken the roundupdb.Class set() reactors
2068 # . newly-created author users in the mailgw weren't being committed to the db
2069 #
2070 # Stuff that made it into CHANGES.txt (ie. the stuff I was actually working
2071 # on when I found that stuff :):
2072 # . #496356 ] Use threading in messages
2073 # . detectors were being registered multiple times
2074 # . added tests for mailgw
2075 # . much better attaching of erroneous messages in the mail gateway
2076 #
2077 # Revision 1.87 2001/12/23 23:18:49 richard
2078 # We already had an admin-specific section of the web heading, no need to add
2079 # another one :)
2080 #
2081 # Revision 1.86 2001/12/20 15:43:01 rochecompaan
2082 # Features added:
2083 # . Multilink properties are now displayed as comma separated values in
2084 # a textbox
2085 # . The add user link is now only visible to the admin user
2086 # . Modified the mail gateway to reject submissions from unknown
2087 # addresses if ANONYMOUS_ACCESS is denied
2088 #
2089 # Revision 1.85 2001/12/20 06:13:24 rochecompaan
2090 # Bugs fixed:
2091 # . Exception handling in hyperdb for strings-that-look-like numbers got
2092 # lost somewhere
2093 # . Internet Explorer submits full path for filename - we now strip away
2094 # the path
2095 # Features added:
2096 # . Link and multilink properties are now displayed sorted in the cgi
2097 # interface
2098 #
2099 # Revision 1.84 2001/12/18 15:30:30 rochecompaan
2100 # Fixed bugs:
2101 # . Fixed file creation and retrieval in same transaction in anydbm
2102 # backend
2103 # . Cgi interface now renders new issue after issue creation
2104 # . Could not set issue status to resolved through cgi interface
2105 # . Mail gateway was changing status back to 'chatting' if status was
2106 # omitted as an argument
2107 #
2108 # Revision 1.83 2001/12/15 23:51:01 richard
2109 # Tested the changes and fixed a few problems:
2110 # . files are now attached to the issue as well as the message
2111 # . newuser is a real method now since we don't want to do the message/file
2112 # stuff for it
2113 # . added some documentation
2114 # The really big changes in the diff are a result of me moving some code
2115 # around to keep like methods together a bit better.
2116 #
2117 # Revision 1.82 2001/12/15 19:24:39 rochecompaan
2118 # . Modified cgi interface to change properties only once all changes are
2119 # collected, files created and messages generated.
2120 # . Moved generation of change note to nosyreactors.
2121 # . We now check for changes to "assignedto" to ensure it's added to the
2122 # nosy list.
2123 #
2124 # Revision 1.81 2001/12/12 23:55:00 richard
2125 # Fixed some problems with user editing
2126 #
2127 # Revision 1.80 2001/12/12 23:27:14 richard
2128 # Added a Zope frontend for roundup.
2129 #
2130 # Revision 1.79 2001/12/10 22:20:01 richard
2131 # Enabled transaction support in the bsddb backend. It uses the anydbm code
2132 # where possible, only replacing methods where the db is opened (it uses the
2133 # btree opener specifically.)
2134 # Also cleaned up some change note generation.
2135 # Made the backends package work with pydoc too.
2136 #
2137 # Revision 1.78 2001/12/07 05:59:27 rochecompaan
2138 # Fixed small bug that prevented adding issues through the web.
2139 #
2140 # Revision 1.77 2001/12/06 22:48:29 richard
2141 # files multilink was being nuked in post_edit_node
2142 #
2143 # Revision 1.76 2001/12/05 14:26:44 rochecompaan
2144 # Removed generation of change note from "sendmessage" in roundupdb.py.
2145 # The change note is now generated when the message is created.
2146 #
2147 # Revision 1.75 2001/12/04 01:25:08 richard
2148 # Added some rollbacks where we were catching exceptions that would otherwise
2149 # have stopped committing.
2150 #
2151 # Revision 1.74 2001/12/02 05:06:16 richard
2152 # . We now use weakrefs in the Classes to keep the database reference, so
2153 # the close() method on the database is no longer needed.
2154 # I bumped the minimum python requirement up to 2.1 accordingly.
2155 # . #487480 ] roundup-server
2156 # . #487476 ] INSTALL.txt
2157 #
2158 # I also cleaned up the change message / post-edit stuff in the cgi client.
2159 # There's now a clearly marked "TODO: append the change note" where I believe
2160 # the change note should be added there. The "changes" list will obviously
2161 # have to be modified to be a dict of the changes, or somesuch.
2162 #
2163 # More testing needed.
2164 #
2165 # Revision 1.73 2001/12/01 07:17:50 richard
2166 # . We now have basic transaction support! Information is only written to
2167 # the database when the commit() method is called. Only the anydbm
2168 # backend is modified in this way - neither of the bsddb backends have been.
2169 # The mail, admin and cgi interfaces all use commit (except the admin tool
2170 # doesn't have a commit command, so interactive users can't commit...)
2171 # . Fixed login/registration forwarding the user to the right page (or not,
2172 # on a failure)
2173 #
2174 # Revision 1.72 2001/11/30 20:47:58 rochecompaan
2175 # Links in page header are now consistent with default sort order.
2176 #
2177 # Fixed bugs:
2178 # - When login failed the list of issues were still rendered.
2179 # - User was redirected to index page and not to his destination url
2180 # if his first login attempt failed.
2181 #
2182 # Revision 1.71 2001/11/30 20:28:10 rochecompaan
2183 # Property changes are now completely traceable, whether changes are
2184 # made through the web or by email
2185 #
2186 # Revision 1.70 2001/11/30 00:06:29 richard
2187 # Converted roundup/cgi_client.py to use _()
2188 # Added the status file, I18N_PROGRESS.txt
2189 #
2190 # Revision 1.69 2001/11/29 23:19:51 richard
2191 # Removed the "This issue has been edited through the web" when a valid
2192 # change note is supplied.
2193 #
2194 # Revision 1.68 2001/11/29 04:57:23 richard
2195 # a little comment
2196 #
2197 # Revision 1.67 2001/11/28 21:55:35 richard
2198 # . login_action and newuser_action return values were being ignored
2199 # . Woohoo! Found that bloody re-login bug that was killing the mail
2200 # gateway.
2201 # (also a minor cleanup in hyperdb)
2202 #
2203 # Revision 1.66 2001/11/27 03:00:50 richard
2204 # couple of bugfixes from latest patch integration
2205 #
2206 # Revision 1.65 2001/11/26 23:00:53 richard
2207 # This config stuff is getting to be a real mess...
2208 #
2209 # Revision 1.64 2001/11/26 22:56:35 richard
2210 # typo
2211 #
2212 # Revision 1.63 2001/11/26 22:55:56 richard
2213 # Feature:
2214 # . Added INSTANCE_NAME to configuration - used in web and email to identify
2215 # the instance.
2216 # . Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
2217 # signature info in e-mails.
2218 # . Some more flexibility in the mail gateway and more error handling.
2219 # . Login now takes you to the page you back to the were denied access to.
2220 #
2221 # Fixed:
2222 # . Lots of bugs, thanks Roché and others on the devel mailing list!
2223 #
2224 # Revision 1.62 2001/11/24 00:45:42 jhermann
2225 # typeof() instead of type(): avoid clash with database field(?) "type"
2226 #
2227 # Fixes this traceback:
2228 #
2229 # Traceback (most recent call last):
2230 # File "roundup\cgi_client.py", line 535, in newnode
2231 # self._post_editnode(nid)
2232 # File "roundup\cgi_client.py", line 415, in _post_editnode
2233 # if type(value) != type([]): value = [value]
2234 # UnboundLocalError: local variable 'type' referenced before assignment
2235 #
2236 # Revision 1.61 2001/11/22 15:46:42 jhermann
2237 # Added module docstrings to all modules.
2238 #
2239 # Revision 1.60 2001/11/21 22:57:28 jhermann
2240 # Added dummy hooks for I18N and some preliminary (test) markup of
2241 # translatable messages
2242 #
2243 # Revision 1.59 2001/11/21 03:21:13 richard
2244 # oops
2245 #
2246 # Revision 1.58 2001/11/21 03:11:28 richard
2247 # Better handling of new properties.
2248 #
2249 # Revision 1.57 2001/11/15 10:24:27 richard
2250 # handle the case where there is no file attached
2251 #
2252 # Revision 1.56 2001/11/14 21:35:21 richard
2253 # . users may attach files to issues (and support in ext) through the web now
2254 #
2255 # Revision 1.55 2001/11/07 02:34:06 jhermann
2256 # Handling of damaged login cookies
2257 #
2258 # Revision 1.54 2001/11/07 01:16:12 richard
2259 # Remove the '=' padding from cookie value so quoting isn't an issue.
2260 #
2261 # Revision 1.53 2001/11/06 23:22:05 jhermann
2262 # More IE fixes: it does not like quotes around cookie values; in the
2263 # hope this does not break anything for other browser; if it does, we
2264 # need to check HTTP_USER_AGENT
2265 #
2266 # Revision 1.52 2001/11/06 23:11:22 jhermann
2267 # Fixed debug output in page footer; added expiry date to the login cookie
2268 # (expires 1 year in the future) to prevent probs with certain versions
2269 # of IE
2270 #
2271 # Revision 1.51 2001/11/06 22:00:34 jhermann
2272 # Get debug level from ROUNDUP_DEBUG env var
2273 #
2274 # Revision 1.50 2001/11/05 23:45:40 richard
2275 # Fixed newuser_action so it sets the cookie with the unencrypted password.
2276 # Also made it present nicer error messages (not tracebacks).
2277 #
2278 # Revision 1.49 2001/11/04 03:07:12 richard
2279 # Fixed various cookie-related bugs:
2280 # . bug #477685 ] base64.decodestring breaks
2281 # . bug #477837 ] lynx does not like the cookie
2282 # . bug #477892 ] Password edit doesn't fix login cookie
2283 # Also closed a security hole - a logged-in user could edit another user's
2284 # details.
2285 #
2286 # Revision 1.48 2001/11/03 01:30:18 richard
2287 # Oops. uses pagefoot now.
2288 #
2289 # Revision 1.47 2001/11/03 01:29:28 richard
2290 # Login page didn't have all close tags.
2291 #
2292 # Revision 1.46 2001/11/03 01:26:55 richard
2293 # possibly fix truncated base64'ed user:pass
2294 #
2295 # Revision 1.45 2001/11/01 22:04:37 richard
2296 # Started work on supporting a pop3-fetching server
2297 # Fixed bugs:
2298 # . bug #477104 ] HTML tag error in roundup-server
2299 # . bug #477107 ] HTTP header problem
2300 #
2301 # Revision 1.44 2001/10/28 23:03:08 richard
2302 # Added more useful header to the classic schema.
2303 #
2304 # Revision 1.43 2001/10/24 00:01:42 richard
2305 # More fixes to lockout logic.
2306 #
2307 # Revision 1.42 2001/10/23 23:56:03 richard
2308 # HTML typo
2309 #
2310 # Revision 1.41 2001/10/23 23:52:35 richard
2311 # Fixed lock-out logic, thanks Roch'e for pointing out the problems.
2312 #
2313 # Revision 1.40 2001/10/23 23:06:39 richard
2314 # Some cleanup.
2315 #
2316 # Revision 1.39 2001/10/23 01:00:18 richard
2317 # Re-enabled login and registration access after lopping them off via
2318 # disabling access for anonymous users.
2319 # Major re-org of the htmltemplate code, cleaning it up significantly. Fixed
2320 # a couple of bugs while I was there. Probably introduced a couple, but
2321 # things seem to work OK at the moment.
2322 #
2323 # Revision 1.38 2001/10/22 03:25:01 richard
2324 # Added configuration for:
2325 # . anonymous user access and registration (deny/allow)
2326 # . filter "widget" location on index page (top, bottom, both)
2327 # Updated some documentation.
2328 #
2329 # Revision 1.37 2001/10/21 07:26:35 richard
2330 # feature #473127: Filenames. I modified the file.index and htmltemplate
2331 # source so that the filename is used in the link and the creation
2332 # information is displayed.
2333 #
2334 # Revision 1.36 2001/10/21 04:44:50 richard
2335 # bug #473124: UI inconsistency with Link fields.
2336 # This also prompted me to fix a fairly long-standing usability issue -
2337 # that of being able to turn off certain filters.
2338 #
2339 # Revision 1.35 2001/10/21 00:17:54 richard
2340 # CGI interface view customisation section may now be hidden (patch from
2341 # Roch'e Compaan.)
2342 #
2343 # Revision 1.34 2001/10/20 11:58:48 richard
2344 # Catch errors in login - no username or password supplied.
2345 # Fixed editing of password (Password property type) thanks Roch'e Compaan.
2346 #
2347 # Revision 1.33 2001/10/17 00:18:41 richard
2348 # Manually constructing cookie headers now.
2349 #
2350 # Revision 1.32 2001/10/16 03:36:21 richard
2351 # CGI interface wasn't handling checkboxes at all.
2352 #
2353 # Revision 1.31 2001/10/14 10:55:00 richard
2354 # Handle empty strings in HTML template Link function
2355 #
2356 # Revision 1.30 2001/10/09 07:38:58 richard
2357 # Pushed the base code for the extended schema CGI interface back into the
2358 # code cgi_client module so that future updates will be less painful.
2359 # Also removed a debugging print statement from cgi_client.
2360 #
2361 # Revision 1.29 2001/10/09 07:25:59 richard
2362 # Added the Password property type. See "pydoc roundup.password" for
2363 # implementation details. Have updated some of the documentation too.
2364 #
2365 # Revision 1.28 2001/10/08 00:34:31 richard
2366 # Change message was stuffing up for multilinks with no key property.
2367 #
2368 # Revision 1.27 2001/10/05 02:23:24 richard
2369 # . roundup-admin create now prompts for property info if none is supplied
2370 # on the command-line.
2371 # . hyperdb Class getprops() method may now return only the mutable
2372 # properties.
2373 # . Login now uses cookies, which makes it a whole lot more flexible. We can
2374 # now support anonymous user access (read-only, unless there's an
2375 # "anonymous" user, in which case write access is permitted). Login
2376 # handling has been moved into cgi_client.Client.main()
2377 # . The "extended" schema is now the default in roundup init.
2378 # . The schemas have had their page headings modified to cope with the new
2379 # login handling. Existing installations should copy the interfaces.py
2380 # file from the roundup lib directory to their instance home.
2381 # . Incorrectly had a Bizar Software copyright on the cgitb.py module from
2382 # Ping - has been removed.
2383 # . Fixed a whole bunch of places in the CGI interface where we should have
2384 # been returning Not Found instead of throwing an exception.
2385 # . Fixed a deviation from the spec: trying to modify the 'id' property of
2386 # an item now throws an exception.
2387 #
2388 # Revision 1.26 2001/09/12 08:31:42 richard
2389 # handle cases where mime type is not guessable
2390 #
2391 # Revision 1.25 2001/08/29 05:30:49 richard
2392 # change messages weren't being saved when there was no-one on the nosy list.
2393 #
2394 # Revision 1.24 2001/08/29 04:49:39 richard
2395 # didn't clean up fully after debugging :(
2396 #
2397 # Revision 1.23 2001/08/29 04:47:18 richard
2398 # Fixed CGI client change messages so they actually include the properties
2399 # changed (again).
2400 #
2401 # Revision 1.22 2001/08/17 00:08:10 richard
2402 # reverted back to sending messages always regardless of who is doing the web
2403 # edit. change notes weren't being saved. bleah. hackish.
2404 #
2405 # Revision 1.21 2001/08/15 23:43:18 richard
2406 # Fixed some isFooTypes that I missed.
2407 # Refactored some code in the CGI code.
2408 #
2409 # Revision 1.20 2001/08/12 06:32:36 richard
2410 # using isinstance(blah, Foo) now instead of isFooType
2411 #
2412 # Revision 1.19 2001/08/07 00:24:42 richard
2413 # stupid typo
2414 #
2415 # Revision 1.18 2001/08/07 00:15:51 richard
2416 # Added the copyright/license notice to (nearly) all files at request of
2417 # Bizar Software.
2418 #
2419 # Revision 1.17 2001/08/02 06:38:17 richard
2420 # Roundupdb now appends "mailing list" information to its messages which
2421 # include the e-mail address and web interface address. Templates may
2422 # override this in their db classes to include specific information (support
2423 # instructions, etc).
2424 #
2425 # Revision 1.16 2001/08/02 05:55:25 richard
2426 # Web edit messages aren't sent to the person who did the edit any more. No
2427 # message is generated if they are the only person on the nosy list.
2428 #
2429 # Revision 1.15 2001/08/02 00:34:10 richard
2430 # bleah syntax error
2431 #
2432 # Revision 1.14 2001/08/02 00:26:16 richard
2433 # Changed the order of the information in the message generated by web edits.
2434 #
2435 # Revision 1.13 2001/07/30 08:12:17 richard
2436 # Added time logging and file uploading to the templates.
2437 #
2438 # Revision 1.12 2001/07/30 06:26:31 richard
2439 # Added some documentation on how the newblah works.
2440 #
2441 # Revision 1.11 2001/07/30 06:17:45 richard
2442 # Features:
2443 # . Added ability for cgi newblah forms to indicate that the new node
2444 # should be linked somewhere.
2445 # Fixed:
2446 # . Fixed the agument handling for the roundup-admin find command.
2447 # . Fixed handling of summary when no note supplied for newblah. Again.
2448 # . Fixed detection of no form in htmltemplate Field display.
2449 #
2450 # Revision 1.10 2001/07/30 02:37:34 richard
2451 # Temporary measure until we have decent schema migration...
2452 #
2453 # Revision 1.9 2001/07/30 01:25:07 richard
2454 # Default implementation is now "classic" rather than "extended" as one would
2455 # expect.
2456 #
2457 # Revision 1.8 2001/07/29 08:27:40 richard
2458 # Fixed handling of passed-in values in form elements (ie. during a
2459 # drill-down)
2460 #
2461 # Revision 1.7 2001/07/29 07:01:39 richard
2462 # Added vim command to all source so that we don't get no steenkin' tabs :)
2463 #
2464 # Revision 1.6 2001/07/29 04:04:00 richard
2465 # Moved some code around allowing for subclassing to change behaviour.
2466 #
2467 # Revision 1.5 2001/07/28 08:16:52 richard
2468 # New issue form handles lack of note better now.
2469 #
2470 # Revision 1.4 2001/07/28 00:34:34 richard
2471 # Fixed some non-string node ids.
2472 #
2473 # Revision 1.3 2001/07/23 03:56:30 richard
2474 # oops, missed a config removal
2475 #
2476 # Revision 1.2 2001/07/22 12:09:32 richard
2477 # Final commit of Grande Splite
2478 #
2479 # Revision 1.1 2001/07/22 11:58:35 richard
2480 # More Grande Splite
2481 #
2482 #
2483 # vim: set filetype=python ts=4 sw=4 et si