1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: cgi_client.py,v 1.145 2002-07-26 08:26:59 richard Exp $
20 __doc__ = """
21 WWW request handler (also used in the stand-alone server).
22 """
24 import os, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
25 import binascii, Cookie, time, random
27 import roundupdb, htmltemplate, date, hyperdb, password
28 from roundup.i18n import _
30 class Unauthorised(ValueError):
31 pass
33 class NotFound(ValueError):
34 pass
36 def initialiseSecurity(security):
37 ''' Create some Permissions and Roles on the security object
39 This function is directly invoked by security.Security.__init__()
40 as a part of the Security object instantiation.
41 '''
42 security.addPermission(name="Web Registration",
43 description="User may register through the web")
45 # doing Role stuff through the web - make sure Admin can
46 p = security.addPermission(name="Web Roles",
47 description="User may manipulate user Roles through the web")
48 security.addPermissionToRole('Admin', p)
50 class Client:
51 '''
52 A note about login
53 ------------------
55 If the user has no login cookie, then they are anonymous. There
56 are two levels of anonymous use. If there is no 'anonymous' user, there
57 is no login at all and the database is opened in read-only mode. If the
58 'anonymous' user exists, the user is logged in using that user (though
59 there is no cookie). This allows them to modify the database, and all
60 modifications are attributed to the 'anonymous' user.
62 Once a user logs in, they are assigned a session. The Client instance
63 keeps the nodeid of the session as the "session" attribute.
64 '''
66 def __init__(self, instance, request, env, form=None):
67 hyperdb.traceMark()
68 self.instance = instance
69 self.request = request
70 self.env = env
71 self.path = env['PATH_INFO']
72 self.split_path = self.path.split('/')
73 self.instance_path_name = env['INSTANCE_NAME']
74 url = self.env['SCRIPT_NAME'] + '/'
75 machine = self.env['SERVER_NAME']
76 port = self.env['SERVER_PORT']
77 if port != '80': machine = machine + ':' + port
78 self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
79 None, None, None))
81 if form is None:
82 self.form = cgi.FieldStorage(environ=env)
83 else:
84 self.form = form
85 self.headers_done = 0
86 try:
87 self.debug = int(env.get("ROUNDUP_DEBUG", 0))
88 except ValueError:
89 # someone gave us a non-int debug level, turn it off
90 self.debug = 0
92 def getuid(self):
93 try:
94 return self.db.user.lookup(self.user)
95 except KeyError:
96 if self.user is None:
97 # user is not logged in and username 'anonymous' doesn't
98 # exist in the database
99 err = _('anonymous users have read-only access only')
100 else:
101 err = _("sanity check: unknown user name `%s'")%self.user
102 raise Unauthorised, errmsg
104 def header(self, headers=None, response=200):
105 '''Put up the appropriate header.
106 '''
107 if headers is None:
108 headers = {'Content-Type':'text/html'}
109 if not headers.has_key('Content-Type'):
110 headers['Content-Type'] = 'text/html'
111 self.request.send_response(response)
112 for entry in headers.items():
113 self.request.send_header(*entry)
114 self.request.end_headers()
115 self.headers_done = 1
116 if self.debug:
117 self.headers_sent = headers
119 global_javascript = '''
120 <script language="javascript">
121 submitted = false;
122 function submit_once() {
123 if (submitted) {
124 alert("Your request is being processed.\\nPlease be patient.");
125 return 0;
126 }
127 submitted = true;
128 return 1;
129 }
131 function help_window(helpurl, width, height) {
132 HelpWin = window.open('%(base)s%(instance_path_name)s/' + helpurl, 'RoundupHelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width);
133 }
135 </script>
136 '''
137 def make_index_link(self, name):
138 '''Turn a configuration entry into a hyperlink...
139 '''
140 # get the link label and spec
141 spec = getattr(self.instance, name+'_INDEX')
143 d = {}
144 d[':sort'] = ','.join(map(urllib.quote, spec['SORT']))
145 d[':group'] = ','.join(map(urllib.quote, spec['GROUP']))
146 d[':filter'] = ','.join(map(urllib.quote, spec['FILTER']))
147 d[':columns'] = ','.join(map(urllib.quote, spec['COLUMNS']))
148 d[':pagesize'] = spec.get('PAGESIZE','50')
150 # snarf the filterspec
151 filterspec = spec['FILTERSPEC'].copy()
153 # now format the filterspec
154 for k, l in filterspec.items():
155 # fix up the CURRENT USER if needed (handle None too since that's
156 # the old flag value)
157 if l in (None, 'CURRENT USER'):
158 if not self.user:
159 continue
160 l = [self.db.user.lookup(self.user)]
162 # add
163 d[urllib.quote(k)] = ','.join(map(urllib.quote, l))
165 # finally, format the URL
166 return '<a href="%s?%s">%s</a>'%(spec['CLASS'],
167 '&'.join([k+'='+v for k,v in d.items()]), spec['LABEL'])
170 def pagehead(self, title, message=None):
171 '''Display the page heading, with information about the tracker and
172 links to more information
173 '''
175 # include any important message
176 if message is not None:
177 message = _('<div class="system-msg">%(message)s</div>')%locals()
178 else:
179 message = ''
181 # style sheet (CSS)
182 style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
184 # figure who the user is
185 user_name = self.user
186 userid = self.db.user.lookup(user_name)
188 # figure all the header links
189 if hasattr(self.instance, 'HEADER_INDEX_LINKS'):
190 links = []
191 for name in self.instance.HEADER_INDEX_LINKS:
192 spec = getattr(self.instance, name + '_INDEX')
193 # skip if we need to fill in the logged-in user id and
194 # we're anonymous
195 if (spec['FILTERSPEC'].has_key('assignedto') and
196 spec['FILTERSPEC']['assignedto'] in ('CURRENT USER',
197 None) and user_name == 'anonymous'):
198 continue
199 links.append(self.make_index_link(name))
200 else:
201 # no config spec - hard-code
202 links = [
203 _('All <a href="issue?status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>'),
204 _('Unassigned <a href="issue?assignedto=-1&status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status,assignedto&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>')
205 ]
207 user_info = _('<a href="login">Login</a>')
208 add_links = ''
209 if user_name != 'anonymous':
210 # add any personal queries to the menu
211 try:
212 queries = self.db.getclass('query')
213 except KeyError:
214 # no query class
215 queries = self.instance.dbinit.Class(self.db, "query",
216 klass=hyperdb.String(), name=hyperdb.String(),
217 url=hyperdb.String())
218 queries.setkey('name')
219 #queries.disableJournalling()
220 try:
221 qids = self.db.getclass('user').get(userid, 'queries')
222 except KeyError, e:
223 #self.db.getclass('user').addprop(queries=hyperdb.Multilink('query'))
224 qids = []
225 for qid in qids:
226 links.append('<a href=%s?%s>%s</a>'%(queries.get(qid, 'klass'),
227 queries.get(qid, 'url'), queries.get(qid, 'name')))
229 # if they're logged in, include links to their information,
230 # and the ability to add an issue
231 user_info = _('''
232 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
233 ''')%locals()
236 # figure the "add class" links
237 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
238 classes = self.instance.HEADER_ADD_LINKS
239 else:
240 classes = ['issue']
241 l = []
242 for class_name in classes:
243 # make sure the user has permission to add
244 if not self.db.security.hasPermission('Edit', userid, class_name):
245 continue
246 cap_class = class_name.capitalize()
247 links.append(_('Add <a href="new%(class_name)s">'
248 '%(cap_class)s</a>')%locals())
250 # if the user can edit everything, include the links
251 admin_links = ''
252 userid = self.db.user.lookup(user_name)
253 if self.db.security.hasPermission('Edit', userid):
254 links.append(_('<a href="list_classes">Class List</a>'))
255 links.append(_('<a href="user?:sort=username&:group=roles">User List</a>'))
256 links.append(_('<a href="newuser">Add User</a>'))
258 # add the search links
259 if hasattr(self.instance, 'HEADER_SEARCH_LINKS'):
260 classes = self.instance.HEADER_SEARCH_LINKS
261 else:
262 classes = ['issue']
263 l = []
264 for class_name in classes:
265 # make sure the user has permission to view
266 if not self.db.security.hasPermission('View', userid, class_name):
267 continue
268 cap_class = class_name.capitalize()
269 links.append(_('Search <a href="search%(class_name)s">'
270 '%(cap_class)s</a>')%locals())
272 # now we have all the links, join 'em
273 links = '\n | '.join(links)
275 # include the javascript bit
276 global_javascript = self.global_javascript%self.__dict__
278 # finally, format the header
279 self.write(_('''<html><head>
280 <title>%(title)s</title>
281 <style type="text/css">%(style)s</style>
282 </head>
283 %(global_javascript)s
284 <body bgcolor=#ffffff>
285 %(message)s
286 <table width=100%% border=0 cellspacing=0 cellpadding=2>
287 <tr class="location-bar">
288 <td><big><strong>%(title)s</strong></big></td>
289 <td align=right valign=bottom>%(user_name)s</td>
290 </tr>
291 <tr class="location-bar">
292 <td align=left>%(links)s</td>
293 <td align=right>%(user_info)s</td>
294 </tr>
295 </table><br>
296 ''')%locals())
298 def pagefoot(self):
299 if self.debug:
300 self.write(_('<hr><small><dl><dt><b>Path</b></dt>'))
301 self.write('<dd>%s</dd>'%(', '.join(map(repr, self.split_path))))
302 keys = self.form.keys()
303 keys.sort()
304 if keys:
305 self.write(_('<dt><b>Form entries</b></dt>'))
306 for k in self.form.keys():
307 v = self.form.getvalue(k, "<empty>")
308 if type(v) is type([]):
309 # Multiple username fields specified
310 v = "|".join(v)
311 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
312 keys = self.headers_sent.keys()
313 keys.sort()
314 self.write(_('<dt><b>Sent these HTTP headers</b></dt>'))
315 for k in keys:
316 v = self.headers_sent[k]
317 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
318 keys = self.env.keys()
319 keys.sort()
320 self.write(_('<dt><b>CGI environment</b></dt>'))
321 for k in keys:
322 v = self.env[k]
323 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
324 self.write('</dl></small>')
325 self.write('</body></html>')
327 def write(self, content):
328 if not self.headers_done:
329 self.header()
330 self.request.wfile.write(content)
332 def index_arg(self, arg):
333 ''' handle the args to index - they might be a list from the form
334 (ie. submitted from a form) or they might be a command-separated
335 single string (ie. manually constructed GET args)
336 '''
337 if self.form.has_key(arg):
338 arg = self.form[arg]
339 if type(arg) == type([]):
340 return [arg.value for arg in arg]
341 return arg.value.split(',')
342 return []
344 def index_sort(self):
345 # first try query string
346 x = self.index_arg(':sort')
347 if x:
348 return x
349 # nope - get the specs out of the form
350 specs = []
351 for colnm in self.db.getclass(self.classname).getprops().keys():
352 desc = ''
353 try:
354 spec = self.form[':%s_ss' % colnm]
355 except KeyError:
356 continue
357 spec = spec.value
358 if spec:
359 if spec[-1] == '-':
360 desc='-'
361 spec = spec[0]
362 specs.append((int(spec), colnm, desc))
363 specs.sort()
364 x = []
365 for _, colnm, desc in specs:
366 x.append('%s%s' % (desc, colnm))
367 return x
369 def index_filterspec(self, filter, classname=None):
370 ''' pull the index filter spec from the form
372 Links and multilinks want to be lists - the rest are straight
373 strings.
374 '''
375 if classname is None:
376 classname = self.classname
377 klass = self.db.getclass(classname)
378 filterspec = {}
379 props = klass.getprops()
380 for colnm in filter:
381 widget = ':%s_fs' % colnm
382 try:
383 val = self.form[widget]
384 except KeyError:
385 try:
386 val = self.form[colnm]
387 except KeyError:
388 # they checked the filter box but didn't enter a value
389 continue
390 propdescr = props.get(colnm, None)
391 if propdescr is None:
392 print "huh? %r is in filter & form, but not in Class!" % colnm
393 raise "butthead programmer"
394 if (isinstance(propdescr, hyperdb.Link) or
395 isinstance(propdescr, hyperdb.Multilink)):
396 if type(val) == type([]):
397 val = [arg.value for arg in val]
398 else:
399 val = val.value.split(',')
400 l = filterspec.get(colnm, [])
401 l = l + val
402 filterspec[colnm] = l
403 else:
404 filterspec[colnm] = val.value
406 return filterspec
408 def customization_widget(self):
409 ''' The customization widget is visible by default. The widget
410 visibility is remembered by show_customization. Visibility
411 is not toggled if the action value is "Redisplay"
412 '''
413 if not self.form.has_key('show_customization'):
414 visible = 1
415 else:
416 visible = int(self.form['show_customization'].value)
417 if self.form.has_key('action'):
418 if self.form['action'].value != 'Redisplay':
419 visible = self.form['action'].value == '+'
421 return visible
423 # TODO: make this go away some day...
424 default_index_sort = ['-activity']
425 default_index_group = ['priority']
426 default_index_filter = ['status']
427 default_index_columns = ['id','activity','title','status','assignedto']
428 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
429 default_pagesize = '50'
431 def _get_customisation_info(self):
432 # see if the web has supplied us with any customisation info
433 for key in ':sort', ':group', ':filter', ':columns', ':pagesize':
434 if self.form.has_key(key):
435 # make list() extract the info from the CGI environ
436 self.classname = 'issue'
437 sort = group = filter = columns = filterspec = pagesize = None
438 break
439 else:
440 # TODO: look up the session first
441 # try the instance config first
442 if hasattr(self.instance, 'DEFAULT_INDEX'):
443 d = self.instance.DEFAULT_INDEX
444 self.classname = d['CLASS']
445 sort = d['SORT']
446 group = d['GROUP']
447 filter = d['FILTER']
448 columns = d['COLUMNS']
449 filterspec = d['FILTERSPEC']
450 pagesize = d.get('PAGESIZE', '50')
451 else:
452 # nope - fall back on the old way of doing it
453 self.classname = 'issue'
454 sort = self.default_index_sort
455 group = self.default_index_group
456 filter = self.default_index_filter
457 columns = self.default_index_columns
458 filterspec = self.default_index_filterspec
459 pagesize = self.default_pagesize
460 return columns, filter, group, sort, filterspec, pagesize
462 def index(self):
463 ''' put up an index - no class specified
464 '''
465 columns, filter, group, sort, filterspec, pagesize = \
466 self._get_customisation_info()
467 return self.list(columns=columns, filter=filter, group=group,
468 sort=sort, filterspec=filterspec, pagesize=pagesize)
470 def searchnode(self):
471 columns, filter, group, sort, filterspec, pagesize = \
472 self._get_customisation_info()
473 cn = self.classname
474 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
475 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
476 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
477 self.write('<form onSubmit="return submit_once()" action="%s">\n'%self.classname)
478 all_columns = self.db.getclass(cn).getprops().keys()
479 all_columns.sort()
480 index.filter_section('', filter, columns, group, all_columns, sort,
481 filterspec, pagesize, 0)
482 self.pagefoot()
483 index.db = index.cl = index.properties = None
484 index.clear()
486 # XXX deviates from spec - loses the '+' (that's a reserved character
487 # in URLS
488 def list(self, sort=None, group=None, filter=None, columns=None,
489 filterspec=None, show_customization=None, show_nodes=1,
490 pagesize=None):
491 ''' call the template index with the args
493 :sort - sort by prop name, optionally preceeded with '-'
494 to give descending or nothing for ascending sorting.
495 :group - group by prop name, optionally preceeded with '-' or
496 to sort in descending or nothing for ascending order.
497 :filter - selects which props should be displayed in the filter
498 section. Default is all.
499 :columns - selects the columns that should be displayed.
500 Default is all.
502 '''
503 cn = self.classname
504 cl = self.db.classes[cn]
505 if sort is None: sort = self.index_sort()
506 if group is None: group = self.index_arg(':group')
507 if filter is None: filter = self.index_arg(':filter')
508 if columns is None: columns = self.index_arg(':columns')
509 if filterspec is None: filterspec = self.index_filterspec(filter)
510 if show_customization is None:
511 show_customization = self.customization_widget()
512 if self.form.has_key('search_text'):
513 search_text = self.form['search_text'].value
514 else:
515 search_text = ''
516 if pagesize is None:
517 if self.form.has_key(':pagesize'):
518 pagesize = self.form[':pagesize'].value
519 else:
520 pagesize = '50'
521 pagesize = int(pagesize)
522 if self.form.has_key(':startwith'):
523 startwith = int(self.form[':startwith'].value)
524 else:
525 startwith = 0
527 if self.form.has_key('Query') and self.form['Query'].value == 'Save':
528 # format a query string
529 qd = {}
530 qd[':sort'] = ','.join(map(urllib.quote, sort))
531 qd[':group'] = ','.join(map(urllib.quote, group))
532 qd[':filter'] = ','.join(map(urllib.quote, filter))
533 qd[':columns'] = ','.join(map(urllib.quote, columns))
534 for k, l in filterspec.items():
535 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
536 url = '&'.join([k+'='+v for k,v in qd.items()])
537 url += '&:pagesize=%s' % pagesize
538 if search_text:
539 url += '&search_text=%s' % search_text
541 # create a query
542 d = {}
543 d['name'] = nm = self.form[':name'].value
544 if not nm:
545 d['name'] = nm = 'New Query'
546 d['klass'] = self.form[':classname'].value
547 d['url'] = url
548 qid = self.db.getclass('query').create(**d)
550 # and add it to the user's query multilink
551 uid = self.getuid()
552 usercl = self.db.getclass('user')
553 queries = usercl.get(uid, 'queries')
554 queries.append(qid)
555 usercl.set(uid, queries=queries)
557 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
558 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
560 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
561 try:
562 index.render(filterspec, search_text, filter, columns, sort,
563 group, show_customization=show_customization,
564 show_nodes=show_nodes, pagesize=pagesize, startwith=startwith)
565 except htmltemplate.MissingTemplateError:
566 self.basicClassEditPage()
567 self.pagefoot()
569 def basicClassEditPage(self):
570 '''Display a basic edit page that allows simple editing of the
571 nodes of the current class
572 '''
573 userid = self.db.user.lookup(self.user)
574 if not self.db.security.hasPermission('Edit', userid):
575 raise Unauthorised
576 w = self.write
577 cn = self.classname
578 cl = self.db.classes[cn]
579 idlessprops = cl.getprops(protected=0).keys()
580 props = ['id'] + idlessprops
582 # get the CSV module
583 try:
584 import csv
585 except ImportError:
586 w(_('Sorry, you need the csv module to use this function.<br>\n'
587 'Get it from: <a href="http://www.object-craft.com.au/projects/csv/">http://www.object-craft.com.au/projects/csv/'))
588 return
590 # do the edit
591 if self.form.has_key('rows'):
592 rows = self.form['rows'].value.splitlines()
593 p = csv.parser()
594 found = {}
595 line = 0
596 for row in rows:
597 line += 1
598 values = p.parse(row)
599 # not a complete row, keep going
600 if not values: continue
602 # extract the nodeid
603 nodeid, values = values[0], values[1:]
604 found[nodeid] = 1
606 # confirm correct weight
607 if len(idlessprops) != len(values):
608 w(_('Not enough values on line %(line)s'%{'line':line}))
609 return
611 # extract the new values
612 d = {}
613 for name, value in zip(idlessprops, values):
614 value = value.strip()
615 # only add the property if it has a value
616 if value:
617 # if it's a multilink, split it
618 if isinstance(cl.properties[name], hyperdb.Multilink):
619 value = value.split(':')
620 d[name] = value
622 # perform the edit
623 if cl.hasnode(nodeid):
624 # edit existing
625 cl.set(nodeid, **d)
626 else:
627 # new node
628 found[cl.create(**d)] = 1
630 # retire the removed entries
631 for nodeid in cl.list():
632 if not found.has_key(nodeid):
633 cl.retire(nodeid)
635 w(_('''<p class="form-help">You may edit the contents of the
636 "%(classname)s" class using this form. Commas, newlines and double
637 quotes (") must be handled delicately. You may include commas and
638 newlines by enclosing the values in double-quotes ("). Double
639 quotes themselves must be quoted by doubling ("").</p>
640 <p class="form-help">Multilink properties have their multiple
641 values colon (":") separated (... ,"one:two:three", ...)</p>
642 <p class="form-help">Remove entries by deleting their line. Add
643 new entries by appending
644 them to the table - put an X in the id column.</p>''')%{'classname':cn})
646 l = []
647 for name in props:
648 l.append(name)
649 w('<tt>')
650 w(', '.join(l) + '\n')
651 w('</tt>')
653 w('<form onSubmit="return submit_once()" method="POST">')
654 w('<textarea name="rows" cols=80 rows=15>')
655 p = csv.parser()
656 for nodeid in cl.list():
657 l = []
658 for name in props:
659 value = cl.get(nodeid, name)
660 if value is None:
661 l.append('')
662 elif isinstance(value, type([])):
663 l.append(cgi.escape(':'.join(map(str, value))))
664 else:
665 l.append(cgi.escape(str(cl.get(nodeid, name))))
666 w(p.join(l) + '\n')
668 w(_('</textarea><br><input type="submit" value="Save Changes"></form>'))
670 def classhelp(self):
671 '''Display a table of class info
672 '''
673 w = self.write
674 cn = self.form['classname'].value
675 cl = self.db.classes[cn]
676 props = self.form['properties'].value.split(',')
677 if cl.labelprop(1) in props:
678 sort = [cl.labelprop(1)]
679 else:
680 sort = props[0]
682 w('<table border=1 cellspacing=0 cellpaddin=2>')
683 w('<tr>')
684 for name in props:
685 w('<th align=left>%s</th>'%name)
686 w('</tr>')
687 for nodeid in cl.filter(None, {}, sort, []): #cl.list():
688 w('<tr>')
689 for name in props:
690 value = cgi.escape(str(cl.get(nodeid, name)))
691 w('<td align="left" valign="top">%s</td>'%value)
692 w('</tr>')
693 w('</table>')
695 def shownode(self, message=None, num_re=re.compile('^\d+$')):
696 ''' display an item
697 '''
698 cn = self.classname
699 cl = self.db.classes[cn]
700 if self.form.has_key(':multilink'):
701 link = self.form[':multilink'].value
702 designator, linkprop = link.split(':')
703 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
704 else:
705 xtra = ''
707 # possibly perform an edit
708 keys = self.form.keys()
709 # don't try to set properties if the user has just logged in
710 if keys and not self.form.has_key('__login_name'):
711 try:
712 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
713 # make changes to the node
714 self._changenode(props)
715 # handle linked nodes
716 self._post_editnode(self.nodeid)
717 # and some nice feedback for the user
718 if props:
719 message = _('%(changes)s edited ok')%{'changes':
720 ', '.join(props.keys())}
721 elif self.form.has_key('__note') and self.form['__note'].value:
722 message = _('note added')
723 elif (self.form.has_key('__file') and
724 self.form['__file'].filename):
725 message = _('file added')
726 else:
727 message = _('nothing changed')
728 except:
729 self.db.rollback()
730 s = StringIO.StringIO()
731 traceback.print_exc(None, s)
732 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
734 # now the display
735 id = self.nodeid
736 if cl.getkey():
737 id = cl.get(id, cl.getkey())
738 self.pagehead('%s: %s %s'%(self.classname.capitalize(), id, xtra),
739 message)
741 nodeid = self.nodeid
743 # use the template to display the item
744 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
745 self.classname)
746 item.render(nodeid)
748 self.pagefoot()
749 showissue = shownode
750 showmsg = shownode
751 searchissue = searchnode
753 def showquery(self):
754 queries = self.db.getclass(self.classname)
755 if self.form.keys():
756 sort = self.index_sort()
757 group = self.index_arg(':group')
758 filter = self.index_arg(':filter')
759 columns = self.index_arg(':columns')
760 filterspec = self.index_filterspec(filter, queries.get(self.nodeid, 'klass'))
761 if self.form.has_key('search_text'):
762 search_text = self.form['search_text'].value
763 else:
764 search_text = ''
765 if self.form.has_key(':pagesize'):
766 pagesize = int(self.form[':pagesize'].value)
767 else:
768 pagesize = 50
769 # format a query string
770 qd = {}
771 qd[':sort'] = ','.join(map(urllib.quote, sort))
772 qd[':group'] = ','.join(map(urllib.quote, group))
773 qd[':filter'] = ','.join(map(urllib.quote, filter))
774 qd[':columns'] = ','.join(map(urllib.quote, columns))
775 for k, l in filterspec.items():
776 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
777 url = '&'.join([k+'='+v for k,v in qd.items()])
778 url += '&:pagesize=%s' % pagesize
779 if search_text:
780 url += '&search_text=%s' % search_text
781 qname = self.form['name'].value
782 chgd = []
783 if qname != queries.get(self.nodeid, 'name'):
784 chgd.append('name')
785 if url != queries.get(self.nodeid, 'url'):
786 chgd.append('url')
787 if chgd:
788 queries.set(self.nodeid, name=qname, url=url)
789 message = _('%(changes)s edited ok')%{'changes': ', '.join(chgd)}
790 else:
791 message = _('nothing changed')
792 else:
793 message = None
794 nm = queries.get(self.nodeid, 'name')
795 self.pagehead('%s: %s'%(self.classname.capitalize(), nm), message)
797 # use the template to display the item
798 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
799 self.classname)
800 item.render(self.nodeid)
801 self.pagefoot()
803 def _changenode(self, props):
804 ''' change the node based on the contents of the form
805 '''
806 cl = self.db.classes[self.classname]
808 # create the message
809 message, files = self._handle_message()
810 if message:
811 props['messages'] = cl.get(self.nodeid, 'messages') + [message]
812 if files:
813 props['files'] = cl.get(self.nodeid, 'files') + files
815 # make the changes
816 cl.set(self.nodeid, **props)
818 def _createnode(self):
819 ''' create a node based on the contents of the form
820 '''
821 cl = self.db.classes[self.classname]
822 props = parsePropsFromForm(self.db, cl, self.form)
824 # check for messages and files
825 message, files = self._handle_message()
826 if message:
827 props['messages'] = [message]
828 if files:
829 props['files'] = files
830 # create the node and return it's id
831 return cl.create(**props)
833 def _handle_message(self):
834 ''' generate an edit message
835 '''
836 # handle file attachments
837 files = []
838 if self.form.has_key('__file'):
839 file = self.form['__file']
840 if file.filename:
841 filename = file.filename.split('\\')[-1]
842 mime_type = mimetypes.guess_type(filename)[0]
843 if not mime_type:
844 mime_type = "application/octet-stream"
845 # create the new file entry
846 files.append(self.db.file.create(type=mime_type,
847 name=filename, content=file.file.read()))
849 # we don't want to do a message if none of the following is true...
850 cn = self.classname
851 cl = self.db.classes[self.classname]
852 props = cl.getprops()
853 note = None
854 # in a nutshell, don't do anything if there's no note or there's no
855 # NOSY
856 if self.form.has_key('__note'):
857 note = self.form['__note'].value.strip()
858 if not note:
859 return None, files
860 if not props.has_key('messages'):
861 return None, files
862 if not isinstance(props['messages'], hyperdb.Multilink):
863 return None, files
864 if not props['messages'].classname == 'msg':
865 return None, files
866 if not (self.form.has_key('nosy') or note):
867 return None, files
869 # handle the note
870 if '\n' in note:
871 summary = re.split(r'\n\r?', note)[0]
872 else:
873 summary = note
874 m = ['%s\n'%note]
876 # handle the messageid
877 # TODO: handle inreplyto
878 messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
879 self.classname, self.instance.MAIL_DOMAIN)
881 # now create the message, attaching the files
882 content = '\n'.join(m)
883 message_id = self.db.msg.create(author=self.getuid(),
884 recipients=[], date=date.Date('.'), summary=summary,
885 content=content, files=files, messageid=messageid)
887 # update the messages property
888 return message_id, files
890 def _post_editnode(self, nid):
891 '''Do the linking part of the node creation.
893 If a form element has :link or :multilink appended to it, its
894 value specifies a node designator and the property on that node
895 to add _this_ node to as a link or multilink.
897 This is typically used on, eg. the file upload page to indicated
898 which issue to link the file to.
900 TODO: I suspect that this and newfile will go away now that
901 there's the ability to upload a file using the issue __file form
902 element!
903 '''
904 cn = self.classname
905 cl = self.db.classes[cn]
906 # link if necessary
907 keys = self.form.keys()
908 for key in keys:
909 if key == ':multilink':
910 value = self.form[key].value
911 if type(value) != type([]): value = [value]
912 for value in value:
913 designator, property = value.split(':')
914 link, nodeid = roundupdb.splitDesignator(designator)
915 link = self.db.classes[link]
916 # take a dupe of the list so we're not changing the cache
917 value = link.get(nodeid, property)[:]
918 value.append(nid)
919 link.set(nodeid, **{property: value})
920 elif key == ':link':
921 value = self.form[key].value
922 if type(value) != type([]): value = [value]
923 for value in value:
924 designator, property = value.split(':')
925 link, nodeid = roundupdb.splitDesignator(designator)
926 link = self.db.classes[link]
927 link.set(nodeid, **{property: nid})
929 def newnode(self, message=None):
930 ''' Add a new node to the database.
932 The form works in two modes: blank form and submission (that is,
933 the submission goes to the same URL). **Eventually this means that
934 the form will have previously entered information in it if
935 submission fails.
937 The new node will be created with the properties specified in the
938 form submission. For multilinks, multiple form entries are handled,
939 as are prop=value,value,value. You can't mix them though.
941 If the new node is to be referenced from somewhere else immediately
942 (ie. the new node is a file that is to be attached to a support
943 issue) then supply one of these arguments in addition to the usual
944 form entries:
945 :link=designator:property
946 :multilink=designator:property
947 ... which means that once the new node is created, the "property"
948 on the node given by "designator" should now reference the new
949 node's id. The node id will be appended to the multilink.
950 '''
951 cn = self.classname
952 userid = self.db.user.lookup(self.user)
953 if not self.db.security.hasPermission('View', userid, cn):
954 raise Unauthorised
955 cl = self.db.classes[cn]
956 if self.form.has_key(':multilink'):
957 link = self.form[':multilink'].value
958 designator, linkprop = link.split(':')
959 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
960 else:
961 xtra = ''
963 # possibly perform a create
964 keys = self.form.keys()
965 if [i for i in keys if i[0] != ':']:
966 # no dice if you can't edit!
967 if not self.db.security.hasPermission('Edit', userid, cn):
968 raise Unauthorised
969 props = {}
970 try:
971 nid = self._createnode()
972 # handle linked nodes
973 self._post_editnode(nid)
974 # and some nice feedback for the user
975 message = _('%(classname)s created ok')%{'classname': cn}
977 # render the newly created issue
978 self.db.commit()
979 self.nodeid = nid
980 self.pagehead('%s: %s'%(self.classname.capitalize(), nid),
981 message)
982 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
983 self.classname)
984 item.render(nid)
985 self.pagefoot()
986 return
987 except:
988 self.db.rollback()
989 s = StringIO.StringIO()
990 traceback.print_exc(None, s)
991 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
992 self.pagehead(_('New %(classname)s %(xtra)s')%{
993 'classname': self.classname.capitalize(),
994 'xtra': xtra }, message)
996 # call the template
997 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
998 self.classname)
999 newitem.render(self.form)
1001 self.pagefoot()
1002 newissue = newnode
1004 def newuser(self, message=None):
1005 ''' Add a new user to the database.
1007 Don't do any of the message or file handling, just create the node.
1008 '''
1009 userid = self.db.user.lookup(self.user)
1010 if not self.db.security.hasPermission('Edit', userid, 'user'):
1011 raise Unauthorised
1013 cn = self.classname
1014 cl = self.db.classes[cn]
1016 # possibly perform a create
1017 keys = self.form.keys()
1018 if [i for i in keys if i[0] != ':']:
1019 try:
1020 props = parsePropsFromForm(self.db, cl, self.form)
1021 nid = cl.create(**props)
1022 # handle linked nodes
1023 self._post_editnode(nid)
1024 # and some nice feedback for the user
1025 message = _('%(classname)s created ok')%{'classname': cn}
1026 except:
1027 self.db.rollback()
1028 s = StringIO.StringIO()
1029 traceback.print_exc(None, s)
1030 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1031 self.pagehead(_('New %(classname)s')%{'classname':
1032 self.classname.capitalize()}, message)
1034 # call the template
1035 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1036 self.classname)
1037 newitem.render(self.form)
1039 self.pagefoot()
1041 def newfile(self, message=None):
1042 ''' Add a new file to the database.
1044 This form works very much the same way as newnode - it just has a
1045 file upload.
1046 '''
1047 userid = self.db.user.lookup(self.user)
1048 if not self.db.security.hasPermission('Edit', userid, 'file'):
1049 raise Unauthorised
1050 cn = self.classname
1051 cl = self.db.classes[cn]
1052 props = parsePropsFromForm(self.db, cl, self.form)
1053 if self.form.has_key(':multilink'):
1054 link = self.form[':multilink'].value
1055 designator, linkprop = link.split(':')
1056 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
1057 else:
1058 xtra = ''
1060 # possibly perform a create
1061 keys = self.form.keys()
1062 if [i for i in keys if i[0] != ':']:
1063 try:
1064 file = self.form['content']
1065 mime_type = mimetypes.guess_type(file.filename)[0]
1066 if not mime_type:
1067 mime_type = "application/octet-stream"
1068 # save the file
1069 props['type'] = mime_type
1070 props['name'] = file.filename
1071 props['content'] = file.file.read()
1072 nid = cl.create(**props)
1073 # handle linked nodes
1074 self._post_editnode(nid)
1075 # and some nice feedback for the user
1076 message = _('%(classname)s created ok')%{'classname': cn}
1077 except:
1078 self.db.rollback()
1079 s = StringIO.StringIO()
1080 traceback.print_exc(None, s)
1081 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1083 self.pagehead(_('New %(classname)s %(xtra)s')%{
1084 'classname': self.classname.capitalize(),
1085 'xtra': xtra }, message)
1086 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1087 self.classname)
1088 newitem.render(self.form)
1089 self.pagefoot()
1091 def showuser(self, message=None, num_re=re.compile('^\d+$')):
1092 '''Display a user page for editing. Make sure the user is allowed
1093 to edit this node, and also check for password changes.
1094 '''
1095 user = self.db.user
1097 # get the username of the node being edited
1098 node_user = user.get(self.nodeid, 'username')
1100 # ok, so we need to be able to edit everything, or be this node's
1101 # user
1102 userid = self.db.user.lookup(self.user)
1103 if (not self.db.security.hasPermission('Edit', userid)
1104 and self.user != node_user):
1105 raise Unauthorised
1107 #
1108 # perform any editing
1109 #
1110 keys = self.form.keys()
1111 if keys:
1112 try:
1113 props = parsePropsFromForm(self.db, user, self.form,
1114 self.nodeid)
1115 set_cookie = 0
1116 if props.has_key('password'):
1117 password = self.form['password'].value.strip()
1118 if not password:
1119 # no password was supplied - don't change it
1120 del props['password']
1121 elif self.nodeid == self.getuid():
1122 # this is the logged-in user's password
1123 set_cookie = password
1124 user.set(self.nodeid, **props)
1125 # and some feedback for the user
1126 message = _('%(changes)s edited ok')%{'changes':
1127 ', '.join(props.keys())}
1128 except:
1129 self.db.rollback()
1130 s = StringIO.StringIO()
1131 traceback.print_exc(None, s)
1132 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1133 else:
1134 set_cookie = 0
1136 # fix the cookie if the password has changed
1137 if set_cookie:
1138 self.set_cookie(self.user, set_cookie)
1140 #
1141 # now the display
1142 #
1143 self.pagehead(_('User: %(user)s')%{'user': node_user}, message)
1145 # use the template to display the item
1146 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES, 'user')
1147 item.render(self.nodeid)
1148 self.pagefoot()
1150 def showfile(self):
1151 ''' display a file
1152 '''
1153 nodeid = self.nodeid
1154 cl = self.db.classes[self.classname]
1155 mime_type = cl.get(nodeid, 'type')
1156 if mime_type == 'message/rfc822':
1157 mime_type = 'text/plain'
1158 self.header(headers={'Content-Type': mime_type})
1159 self.write(cl.get(nodeid, 'content'))
1161 def permission(self):
1162 '''
1163 '''
1165 def classes(self, message=None):
1166 ''' display a list of all the classes in the database
1167 '''
1168 userid = self.db.user.lookup(self.user)
1169 if not self.db.security.hasPermission('Edit', userid):
1170 raise Unauthorised
1172 self.pagehead(_('Table of classes'), message)
1173 classnames = self.db.classes.keys()
1174 classnames.sort()
1175 self.write('<table border=0 cellspacing=0 cellpadding=2>\n')
1176 for cn in classnames:
1177 cl = self.db.getclass(cn)
1178 self.write('<tr class="list-header"><th colspan=2 align=left>'
1179 '<a href="%s">%s</a></th></tr>'%(cn, cn.capitalize()))
1180 for key, value in cl.properties.items():
1181 if value is None: value = ''
1182 else: value = str(value)
1183 self.write('<tr><th align=left>%s</th><td>%s</td></tr>'%(
1184 key, cgi.escape(value)))
1185 self.write('</table>')
1186 self.pagefoot()
1188 def login(self, message=None, newuser_form=None, action='index'):
1189 '''Display a login page.
1190 '''
1191 self.pagehead(_('Login to roundup'), message)
1192 self.write(_('''
1193 <table>
1194 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
1195 <form onSubmit="return submit_once()" action="login_action" method=POST>
1196 <input type="hidden" name="__destination_url" value="%(action)s">
1197 <tr><td align=right>Login name: </td>
1198 <td><input name="__login_name"></td></tr>
1199 <tr><td align=right>Password: </td>
1200 <td><input type="password" name="__login_password"></td></tr>
1201 <tr><td></td>
1202 <td><input type="submit" value="Log In"></td></tr>
1203 </form>
1204 ''')%locals())
1205 userid = self.db.user.lookup(self.user)
1206 if not self.db.security.hasPermission('Web Registration', userid):
1207 self.write('</table>')
1208 self.pagefoot()
1209 return
1210 values = {'realname': '', 'organisation': '', 'address': '',
1211 'phone': '', 'username': '', 'password': '', 'confirm': '',
1212 'action': action, 'alternate_addresses': ''}
1213 if newuser_form is not None:
1214 for key in newuser_form.keys():
1215 values[key] = newuser_form[key].value
1216 self.write(_('''
1217 <p>
1218 <tr><td colspan=2 class="strong-header">New User Registration</td></tr>
1219 <tr><td colspan=2><em>marked items</em> are optional...</td></tr>
1220 <form onSubmit="return submit_once()" action="newuser_action" method=POST>
1221 <input type="hidden" name="__destination_url" value="%(action)s">
1222 <tr><td align=right><em>Name: </em></td>
1223 <td><input name="realname" value="%(realname)s" size=40></td></tr>
1224 <tr><td align=right><em>Organisation: </em></td>
1225 <td><input name="organisation" value="%(organisation)s" size=40></td></tr>
1226 <tr><td align=right>E-Mail Address: </td>
1227 <td><input name="address" value="%(address)s" size=40></td></tr>
1228 <tr><td align=right><em>Alternate E-mail Addresses: </em></td>
1229 <td><textarea name="alternate_addresses" rows=5 cols=40>%(alternate_addresses)s</textarea></td></tr>
1230 <tr><td align=right><em>Phone: </em></td>
1231 <td><input name="phone" value="%(phone)s"></td></tr>
1232 <tr><td align=right>Preferred Login name: </td>
1233 <td><input name="username" value="%(username)s"></td></tr>
1234 <tr><td align=right>Password: </td>
1235 <td><input type="password" name="password" value="%(password)s"></td></tr>
1236 <tr><td align=right>Password Again: </td>
1237 <td><input type="password" name="confirm" value="%(confirm)s"></td></tr>
1238 <tr><td></td>
1239 <td><input type="submit" value="Register"></td></tr>
1240 </form>
1241 </table>
1242 ''')%values)
1243 self.pagefoot()
1245 def login_action(self, message=None):
1246 '''Attempt to log a user in and set the cookie
1248 returns 0 if a page is generated as a result of this call, and
1249 1 if not (ie. the login is successful
1250 '''
1251 if not self.form.has_key('__login_name'):
1252 self.login(message=_('Username required'))
1253 return 0
1254 self.user = self.form['__login_name'].value
1255 # re-open the database for real, using the user
1256 self.opendb(self.user)
1257 if self.form.has_key('__login_password'):
1258 password = self.form['__login_password'].value
1259 else:
1260 password = ''
1261 # make sure the user exists
1262 try:
1263 uid = self.db.user.lookup(self.user)
1264 except KeyError:
1265 name = self.user
1266 self.make_user_anonymous()
1267 action = self.form['__destination_url'].value
1268 self.login(message=_('No such user "%(name)s"')%locals(),
1269 action=action)
1270 return 0
1272 # and that the password is correct
1273 pw = self.db.user.get(uid, 'password')
1274 if password != pw:
1275 self.make_user_anonymous()
1276 action = self.form['__destination_url'].value
1277 self.login(message=_('Incorrect password'), action=action)
1278 return 0
1280 self.set_cookie(self.user, password)
1281 return 1
1283 def newuser_action(self, message=None):
1284 '''Attempt to create a new user based on the contents of the form
1285 and then set the cookie.
1287 return 1 on successful login
1288 '''
1289 # make sure we're allowed to register
1290 userid = self.db.user.lookup(self.user)
1291 if not self.db.security.hasPermission('Web Registration', userid):
1292 raise Unauthorised
1294 # re-open the database as "admin"
1295 self.opendb('admin')
1297 # create the new user
1298 cl = self.db.user
1299 try:
1300 props = parsePropsFromForm(self.db, cl, self.form)
1301 props['roles'] = self.instance.NEW_WEB_USER_ROLES
1302 uid = cl.create(**props)
1303 self.db.commit()
1304 except ValueError, message:
1305 action = self.form['__destination_url'].value
1306 self.login(message, action=action)
1307 return 0
1309 # log the new user in
1310 self.user = cl.get(uid, 'username')
1311 # re-open the database for real, using the user
1312 self.opendb(self.user)
1313 password = cl.get(uid, 'password')
1314 self.set_cookie(self.user, self.form['password'].value)
1315 return 1
1317 def set_cookie(self, user, password):
1318 # TODO generate a much, much stronger session key ;)
1319 session = binascii.b2a_base64(repr(time.time())).strip()
1321 # clean up the base64
1322 if session[-1] == '=':
1323 if session[-2] == '=':
1324 session = session[:-2]
1325 else:
1326 session = session[:-1]
1328 # insert the session in the sessiondb
1329 sessions = self.db.getclass('__sessions')
1330 self.session = sessions.create(sessid=session, user=user,
1331 last_use=date.Date())
1333 # and commit immediately
1334 self.db.commit()
1336 # expire us in a long, long time
1337 expire = Cookie._getdate(86400*365)
1339 # generate the cookie path - make sure it has a trailing '/'
1340 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1341 ''))
1342 self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;'%(
1343 session, expire, path)})
1345 def make_user_anonymous(self):
1346 ''' Make use anonymous
1348 This method used to handle non-existence of the 'anonymous'
1349 user, but that user is mandatory now.
1350 '''
1351 self.db.user.lookup('anonymous')
1352 self.user = 'anonymous'
1354 def logout(self, message=None):
1355 self.make_user_anonymous()
1356 # construct the logout cookie
1357 now = Cookie._getdate()
1358 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1359 ''))
1360 self.header({'Set-Cookie':
1361 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
1362 path)})
1363 self.login()
1365 def opendb(self, user):
1366 ''' Open the database - but include the definition of the sessions db.
1367 '''
1368 # open the db
1369 self.db = self.instance.open(user)
1371 # make sure we have the session Class
1372 try:
1373 sessions = self.db.getclass('__sessions')
1374 except:
1375 # add the sessions Class - use a non-journalling Class
1376 # TODO: not happy with how we're getting the Class here :(
1377 sessions = self.instance.dbinit.Class(self.db, '__sessions',
1378 sessid=hyperdb.String(), user=hyperdb.String(),
1379 last_use=hyperdb.Date())
1380 sessions.setkey('sessid')
1381 # make sure session db isn't journalled
1382 sessions.disableJournalling()
1384 def main(self):
1385 ''' Wrap the request and handle unauthorised requests
1386 '''
1387 self.desired_action = None
1388 try:
1389 self.main_action()
1390 except Unauthorised:
1391 self.header(response=403)
1392 if self.desired_action is None or self.desired_action == 'login':
1393 self.login() # go to the index after login
1394 else:
1395 self.login(action=self.desired_action)
1397 def main_action(self):
1398 '''Wrap the database accesses so we can close the database cleanly
1399 '''
1400 # determine the uid to use
1401 self.opendb('admin')
1403 # make sure we have the session Class
1404 sessions = self.db.getclass('__sessions')
1406 # age sessions, remove when they haven't been used for a week
1407 # TODO: this shouldn't be done every access
1408 week = date.Interval('7d')
1409 now = date.Date()
1410 for sessid in sessions.list():
1411 interval = now - sessions.get(sessid, 'last_use')
1412 if interval > week:
1413 sessions.destroy(sessid)
1415 # look up the user session cookie
1416 cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
1417 user = 'anonymous'
1418 if (cookie.has_key('roundup_user') and
1419 cookie['roundup_user'].value != 'deleted'):
1421 # get the session key from the cookie
1422 session = cookie['roundup_user'].value
1424 # get the user from the session
1425 try:
1426 self.session = sessions.lookup(session)
1427 except KeyError:
1428 user = 'anonymous'
1429 else:
1430 # update the lifetime datestamp
1431 sessions.set(self.session, last_use=date.Date())
1432 self.db.commit()
1433 user = sessions.get(sessid, 'user')
1435 # sanity check on the user still being valid
1436 try:
1437 self.db.user.lookup(user)
1438 except KeyError:
1439 user = 'anonymous'
1441 # make sure the anonymous user is valid if we're using it
1442 if user == 'anonymous':
1443 self.make_user_anonymous()
1444 else:
1445 self.user = user
1447 # now figure which function to call
1448 path = self.split_path
1450 # default action to index if the path has no information in it
1451 if not path or path[0] in ('', 'index'):
1452 action = 'index'
1453 else:
1454 action = path[0]
1455 self.desired_action = action
1457 # Everthing ignores path[1:]
1458 # - The file download link generator actually relies on this - it
1459 # appends the name of the file to the URL so the download file name
1460 # is correct, but doesn't actually use it.
1462 # everyone is allowed to try to log in
1463 if action == 'login_action':
1464 # try to login
1465 if not self.login_action():
1466 return
1467 # figure the resulting page
1468 action = self.form['__destination_url'].value
1469 if not action:
1470 action = 'index'
1471 self.do_action(action)
1472 return
1474 # allow anonymous people to register
1475 if action == 'newuser_action':
1476 # try to add the user
1477 if not self.newuser_action():
1478 return
1479 # figure the resulting page
1480 action = self.form['__destination_url'].value
1481 if not action:
1482 action = 'index'
1484 # re-open the database for real, using the user
1485 self.opendb(self.user)
1487 # just a regular action
1488 self.do_action(action)
1490 # commit all changes to the database
1491 self.db.commit()
1493 def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
1494 nre=re.compile(r'new(\w+)'), sre=re.compile(r'search(\w+)')):
1495 '''Figure the user's action and do it.
1496 '''
1497 # here be the "normal" functionality
1498 if action == 'index':
1499 self.index()
1500 return
1501 if action == 'list_classes':
1502 self.classes()
1503 return
1504 if action == 'classhelp':
1505 self.classhelp()
1506 return
1507 if action == 'login':
1508 self.login()
1509 return
1510 if action == 'logout':
1511 self.logout()
1512 return
1514 # see if we're to display an existing node
1515 m = dre.match(action)
1516 if m:
1517 self.classname = m.group(1)
1518 self.nodeid = m.group(2)
1519 try:
1520 cl = self.db.classes[self.classname]
1521 except KeyError:
1522 raise NotFound, self.classname
1523 try:
1524 cl.get(self.nodeid, 'id')
1525 except IndexError:
1526 raise NotFound, self.nodeid
1527 try:
1528 func = getattr(self, 'show%s'%self.classname)
1529 except AttributeError:
1530 raise NotFound, 'show%s'%self.classname
1531 func()
1532 return
1534 # see if we're to put up the new node page
1535 m = nre.match(action)
1536 if m:
1537 self.classname = m.group(1)
1538 try:
1539 func = getattr(self, 'new%s'%self.classname)
1540 except AttributeError:
1541 raise NotFound, 'new%s'%self.classname
1542 func()
1543 return
1545 # see if we're to put up the new node page
1546 m = sre.match(action)
1547 if m:
1548 self.classname = m.group(1)
1549 try:
1550 func = getattr(self, 'search%s'%self.classname)
1551 except AttributeError:
1552 raise NotFound
1553 func()
1554 return
1556 # otherwise, display the named class
1557 self.classname = action
1558 try:
1559 self.db.getclass(self.classname)
1560 except KeyError:
1561 raise NotFound, self.classname
1562 self.list()
1565 class ExtendedClient(Client):
1566 '''Includes pages and page heading information that relate to the
1567 extended schema.
1568 '''
1569 showsupport = Client.shownode
1570 showtimelog = Client.shownode
1571 newsupport = Client.newnode
1572 newtimelog = Client.newnode
1573 searchsupport = Client.searchnode
1575 default_index_sort = ['-activity']
1576 default_index_group = ['priority']
1577 default_index_filter = ['status']
1578 default_index_columns = ['activity','status','title','assignedto']
1579 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
1580 default_pagesize = '50'
1582 def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
1583 '''Pull properties for the given class out of the form.
1584 '''
1585 props = {}
1586 keys = form.keys()
1587 for key in keys:
1588 if not cl.properties.has_key(key):
1589 continue
1590 proptype = cl.properties[key]
1591 if isinstance(proptype, hyperdb.String):
1592 value = form[key].value.strip()
1593 elif isinstance(proptype, hyperdb.Password):
1594 value = password.Password(form[key].value.strip())
1595 elif isinstance(proptype, hyperdb.Date):
1596 value = form[key].value.strip()
1597 if value:
1598 value = date.Date(form[key].value.strip())
1599 else:
1600 value = None
1601 elif isinstance(proptype, hyperdb.Interval):
1602 value = form[key].value.strip()
1603 if value:
1604 value = date.Interval(form[key].value.strip())
1605 else:
1606 value = None
1607 elif isinstance(proptype, hyperdb.Link):
1608 value = form[key].value.strip()
1609 # see if it's the "no selection" choice
1610 if value == '-1':
1611 # don't set this property
1612 continue
1613 else:
1614 # handle key values
1615 link = cl.properties[key].classname
1616 if not num_re.match(value):
1617 try:
1618 value = db.classes[link].lookup(value)
1619 except KeyError:
1620 raise ValueError, _('property "%(propname)s": '
1621 '%(value)s not a %(classname)s')%{'propname':key,
1622 'value': value, 'classname': link}
1623 elif isinstance(proptype, hyperdb.Multilink):
1624 value = form[key]
1625 if hasattr(value, 'value'):
1626 # Quite likely to be a FormItem instance
1627 value = value.value
1628 if not isinstance(value, type([])):
1629 value = [i.strip() for i in value.split(',')]
1630 else:
1631 value = [i.strip() for i in value]
1632 link = cl.properties[key].classname
1633 l = []
1634 for entry in map(str, value):
1635 if entry == '': continue
1636 if not num_re.match(entry):
1637 try:
1638 entry = db.classes[link].lookup(entry)
1639 except KeyError:
1640 raise ValueError, _('property "%(propname)s": '
1641 '"%(value)s" not an entry of %(classname)s')%{
1642 'propname':key, 'value': entry, 'classname': link}
1643 l.append(entry)
1644 l.sort()
1645 value = l
1646 elif isinstance(proptype, hyperdb.Boolean):
1647 value = form[key].value.strip()
1648 props[key] = value = value.lower() in ('yes', 'true', 'on', '1')
1649 elif isinstance(proptype, hyperdb.Number):
1650 value = form[key].value.strip()
1651 props[key] = value = int(value)
1653 # get the old value
1654 if nodeid:
1655 try:
1656 existing = cl.get(nodeid, key)
1657 except KeyError:
1658 # this might be a new property for which there is no existing
1659 # value
1660 if not cl.properties.has_key(key): raise
1662 # if changed, set it
1663 if value != existing:
1664 props[key] = value
1665 else:
1666 props[key] = value
1667 return props
1669 #
1670 # $Log: not supported by cvs2svn $
1671 # Revision 1.144 2002/07/25 07:14:05 richard
1672 # Bugger it. Here's the current shape of the new security implementation.
1673 # Still to do:
1674 # . call the security funcs from cgi and mailgw
1675 # . change shipped templates to include correct initialisation and remove
1676 # the old config vars
1677 # ... that seems like a lot. The bulk of the work has been done though. Honest :)
1678 #
1679 # Revision 1.143 2002/07/20 19:29:10 gmcm
1680 # Fixes/improvements to the search form & saved queries.
1681 #
1682 # Revision 1.142 2002/07/18 11:17:30 gmcm
1683 # Add Number and Boolean types to hyperdb.
1684 # Add conversion cases to web, mail & admin interfaces.
1685 # Add storage/serialization cases to back_anydbm & back_metakit.
1686 #
1687 # Revision 1.141 2002/07/17 12:39:10 gmcm
1688 # Saving, running & editing queries.
1689 #
1690 # Revision 1.140 2002/07/14 23:17:15 richard
1691 # cleaned up structure
1692 #
1693 # Revision 1.139 2002/07/14 06:14:40 richard
1694 # Some more TODOs
1695 #
1696 # Revision 1.138 2002/07/14 04:03:13 richard
1697 # Implemented a switch to disable journalling for a Class. CGI session
1698 # database now uses it.
1699 #
1700 # Revision 1.137 2002/07/10 07:00:30 richard
1701 # removed debugging
1702 #
1703 # Revision 1.136 2002/07/10 06:51:08 richard
1704 # . #576241 ] MultiLink problems in parsePropsFromForm
1705 #
1706 # Revision 1.135 2002/07/10 00:22:34 richard
1707 # . switched to using a session-based web login
1708 #
1709 # Revision 1.134 2002/07/09 04:19:09 richard
1710 # Added reindex command to roundup-admin.
1711 # Fixed reindex on first access.
1712 # Also fixed reindexing of entries that change.
1713 #
1714 # Revision 1.133 2002/07/08 15:32:05 gmcm
1715 # Pagination of index pages.
1716 # New search form.
1717 #
1718 # Revision 1.132 2002/07/08 07:26:14 richard
1719 # ehem
1720 #
1721 # Revision 1.131 2002/07/08 06:53:57 richard
1722 # Not sure why the cgi_client had an indexer argument.
1723 #
1724 # Revision 1.130 2002/06/27 12:01:53 gmcm
1725 # If the form has a :multilink, put a back href in the pageheader (back to the linked-to node).
1726 # Some minor optimizations (only compile regexes once).
1727 #
1728 # Revision 1.129 2002/06/20 23:52:11 richard
1729 # Better handling of unauth attempt to edit stuff
1730 #
1731 # Revision 1.128 2002/06/12 21:28:25 gmcm
1732 # Allow form to set user-properties on a Fileclass.
1733 # Don't assume that a Fileclass is named "files".
1734 #
1735 # Revision 1.127 2002/06/11 06:38:24 richard
1736 # . #565996 ] The "Attach a File to this Issue" fails
1737 #
1738 # Revision 1.126 2002/05/29 01:16:17 richard
1739 # Sorry about this huge checkin! It's fixing a lot of related stuff in one go
1740 # though.
1741 #
1742 # . #541941 ] changing multilink properties by mail
1743 # . #526730 ] search for messages capability
1744 # . #505180 ] split MailGW.handle_Message
1745 # - also changed cgi client since it was duplicating the functionality
1746 # . build htmlbase if tests are run using CVS checkout (removed note from
1747 # installation.txt)
1748 # . don't create an empty message on email issue creation if the email is empty
1749 #
1750 # Revision 1.125 2002/05/25 07:16:24 rochecompaan
1751 # Merged search_indexing-branch with HEAD
1752 #
1753 # Revision 1.124 2002/05/24 02:09:24 richard
1754 # Nothing like a live demo to show up the bugs ;)
1755 #
1756 # Revision 1.123 2002/05/22 05:04:13 richard
1757 # Oops
1758 #
1759 # Revision 1.122 2002/05/22 04:12:05 richard
1760 # . applied patch #558876 ] cgi client customization
1761 # ... with significant additions and modifications ;)
1762 # - extended handling of ML assignedto to all places it's handled
1763 # - added more NotFound info
1764 #
1765 # Revision 1.121 2002/05/21 06:08:10 richard
1766 # Handle migration
1767 #
1768 # Revision 1.120 2002/05/21 06:05:53 richard
1769 # . #551483 ] assignedto in Client.make_index_link
1770 #
1771 # Revision 1.119 2002/05/15 06:21:21 richard
1772 # . node caching now works, and gives a small boost in performance
1773 #
1774 # As a part of this, I cleaned up the DEBUG output and implemented TRACE
1775 # output (HYPERDBTRACE='file to trace to') with checkpoints at the start of
1776 # CGI requests. Run roundup with python -O to skip all the DEBUG/TRACE stuff
1777 # (using if __debug__ which is compiled out with -O)
1778 #
1779 # Revision 1.118 2002/05/12 23:46:33 richard
1780 # ehem, part 2
1781 #
1782 # Revision 1.117 2002/05/12 23:42:29 richard
1783 # ehem
1784 #
1785 # Revision 1.116 2002/05/02 08:07:49 richard
1786 # Added the ADD_AUTHOR_TO_NOSY handling to the CGI interface.
1787 #
1788 # Revision 1.115 2002/04/02 01:56:10 richard
1789 # . stop sending blank (whitespace-only) notes
1790 #
1791 # Revision 1.114.2.4 2002/05/02 11:49:18 rochecompaan
1792 # Allow customization of the search filters that should be displayed
1793 # on the search page.
1794 #
1795 # Revision 1.114.2.3 2002/04/20 13:23:31 rochecompaan
1796 # We now have a separate search page for nodes. Search links for
1797 # different classes can be customized in instance_config similar to
1798 # index links.
1799 #
1800 # Revision 1.114.2.2 2002/04/19 19:54:42 rochecompaan
1801 # cgi_client.py
1802 # removed search link for the time being
1803 # moved rendering of matches to htmltemplate
1804 # hyperdb.py
1805 # filtering of nodes on full text search incorporated in filter method
1806 # roundupdb.py
1807 # added paramater to call of filter method
1808 # roundup_indexer.py
1809 # added search method to RoundupIndexer class
1810 #
1811 # Revision 1.114.2.1 2002/04/03 11:55:57 rochecompaan
1812 # . Added feature #526730 - search for messages capability
1813 #
1814 # Revision 1.114 2002/03/17 23:06:05 richard
1815 # oops
1816 #
1817 # Revision 1.113 2002/03/14 23:59:24 richard
1818 # . #517734 ] web header customisation is obscure
1819 #
1820 # Revision 1.112 2002/03/12 22:52:26 richard
1821 # more pychecker warnings removed
1822 #
1823 # Revision 1.111 2002/02/25 04:32:21 richard
1824 # ahem
1825 #
1826 # Revision 1.110 2002/02/21 07:19:08 richard
1827 # ... and label, width and height control for extra flavour!
1828 #
1829 # Revision 1.109 2002/02/21 07:08:19 richard
1830 # oops
1831 #
1832 # Revision 1.108 2002/02/21 07:02:54 richard
1833 # The correct var is "HTTP_HOST"
1834 #
1835 # Revision 1.107 2002/02/21 06:57:38 richard
1836 # . Added popup help for classes using the classhelp html template function.
1837 # - add <display call="classhelp('priority', 'id,name,description')">
1838 # to an item page, and it generates a link to a popup window which displays
1839 # the id, name and description for the priority class. The description
1840 # field won't exist in most installations, but it will be added to the
1841 # default templates.
1842 #
1843 # Revision 1.106 2002/02/21 06:23:00 richard
1844 # *** empty log message ***
1845 #
1846 # Revision 1.105 2002/02/20 05:52:10 richard
1847 # better error handling
1848 #
1849 # Revision 1.104 2002/02/20 05:45:17 richard
1850 # Use the csv module for generating the form entry so it's correct.
1851 # [also noted the sf.net feature request id in the change log]
1852 #
1853 # Revision 1.103 2002/02/20 05:05:28 richard
1854 # . Added simple editing for classes that don't define a templated interface.
1855 # - access using the admin "class list" interface
1856 # - limited to admin-only
1857 # - requires the csv module from object-craft (url given if it's missing)
1858 #
1859 # Revision 1.102 2002/02/15 07:08:44 richard
1860 # . Alternate email addresses are now available for users. See the MIGRATION
1861 # file for info on how to activate the feature.
1862 #
1863 # Revision 1.101 2002/02/14 23:39:18 richard
1864 # . All forms now have "double-submit" protection when Javascript is enabled
1865 # on the client-side.
1866 #
1867 # Revision 1.100 2002/01/16 07:02:57 richard
1868 # . lots of date/interval related changes:
1869 # - more relaxed date format for input
1870 #
1871 # Revision 1.99 2002/01/16 03:02:42 richard
1872 # #503793 ] changing assignedto resets nosy list
1873 #
1874 # Revision 1.98 2002/01/14 02:20:14 richard
1875 # . changed all config accesses so they access either the instance or the
1876 # config attriubute on the db. This means that all config is obtained from
1877 # instance_config instead of the mish-mash of classes. This will make
1878 # switching to a ConfigParser setup easier too, I hope.
1879 #
1880 # At a minimum, this makes migration a _little_ easier (a lot easier in the
1881 # 0.5.0 switch, I hope!)
1882 #
1883 # Revision 1.97 2002/01/11 23:22:29 richard
1884 # . #502437 ] rogue reactor and unittest
1885 # in short, the nosy reactor was modifying the nosy list. That code had
1886 # been there for a long time, and I suspsect it was there because we
1887 # weren't generating the nosy list correctly in other places of the code.
1888 # We're now doing that, so the nosy-modifying code can go away from the
1889 # nosy reactor.
1890 #
1891 # Revision 1.96 2002/01/10 05:26:10 richard
1892 # missed a parsePropsFromForm in last update
1893 #
1894 # Revision 1.95 2002/01/10 03:39:45 richard
1895 # . fixed some problems with web editing and change detection
1896 #
1897 # Revision 1.94 2002/01/09 13:54:21 grubert
1898 # _add_assignedto_to_nosy did set nosy to assignedto only, no adding.
1899 #
1900 # Revision 1.93 2002/01/08 11:57:12 richard
1901 # crying out for real configuration handling... :(
1902 #
1903 # Revision 1.92 2002/01/08 04:12:05 richard
1904 # Changed message-id format to "<%s.%s.%s%s@%s>" so it complies with RFC822
1905 #
1906 # Revision 1.91 2002/01/08 04:03:47 richard
1907 # I mucked the intent of the code up.
1908 #
1909 # Revision 1.90 2002/01/08 03:56:55 richard
1910 # Oops, missed this before the beta:
1911 # . #495392 ] empty nosy -patch
1912 #
1913 # Revision 1.89 2002/01/07 20:24:45 richard
1914 # *mutter* stupid cutnpaste
1915 #
1916 # Revision 1.88 2002/01/02 02:31:38 richard
1917 # Sorry for the huge checkin message - I was only intending to implement #496356
1918 # but I found a number of places where things had been broken by transactions:
1919 # . modified ROUNDUPDBSENDMAILDEBUG to be SENDMAILDEBUG and hold a filename
1920 # for _all_ roundup-generated smtp messages to be sent to.
1921 # . the transaction cache had broken the roundupdb.Class set() reactors
1922 # . newly-created author users in the mailgw weren't being committed to the db
1923 #
1924 # Stuff that made it into CHANGES.txt (ie. the stuff I was actually working
1925 # on when I found that stuff :):
1926 # . #496356 ] Use threading in messages
1927 # . detectors were being registered multiple times
1928 # . added tests for mailgw
1929 # . much better attaching of erroneous messages in the mail gateway
1930 #
1931 # Revision 1.87 2001/12/23 23:18:49 richard
1932 # We already had an admin-specific section of the web heading, no need to add
1933 # another one :)
1934 #
1935 # Revision 1.86 2001/12/20 15:43:01 rochecompaan
1936 # Features added:
1937 # . Multilink properties are now displayed as comma separated values in
1938 # a textbox
1939 # . The add user link is now only visible to the admin user
1940 # . Modified the mail gateway to reject submissions from unknown
1941 # addresses if ANONYMOUS_ACCESS is denied
1942 #
1943 # Revision 1.85 2001/12/20 06:13:24 rochecompaan
1944 # Bugs fixed:
1945 # . Exception handling in hyperdb for strings-that-look-like numbers got
1946 # lost somewhere
1947 # . Internet Explorer submits full path for filename - we now strip away
1948 # the path
1949 # Features added:
1950 # . Link and multilink properties are now displayed sorted in the cgi
1951 # interface
1952 #
1953 # Revision 1.84 2001/12/18 15:30:30 rochecompaan
1954 # Fixed bugs:
1955 # . Fixed file creation and retrieval in same transaction in anydbm
1956 # backend
1957 # . Cgi interface now renders new issue after issue creation
1958 # . Could not set issue status to resolved through cgi interface
1959 # . Mail gateway was changing status back to 'chatting' if status was
1960 # omitted as an argument
1961 #
1962 # Revision 1.83 2001/12/15 23:51:01 richard
1963 # Tested the changes and fixed a few problems:
1964 # . files are now attached to the issue as well as the message
1965 # . newuser is a real method now since we don't want to do the message/file
1966 # stuff for it
1967 # . added some documentation
1968 # The really big changes in the diff are a result of me moving some code
1969 # around to keep like methods together a bit better.
1970 #
1971 # Revision 1.82 2001/12/15 19:24:39 rochecompaan
1972 # . Modified cgi interface to change properties only once all changes are
1973 # collected, files created and messages generated.
1974 # . Moved generation of change note to nosyreactors.
1975 # . We now check for changes to "assignedto" to ensure it's added to the
1976 # nosy list.
1977 #
1978 # Revision 1.81 2001/12/12 23:55:00 richard
1979 # Fixed some problems with user editing
1980 #
1981 # Revision 1.80 2001/12/12 23:27:14 richard
1982 # Added a Zope frontend for roundup.
1983 #
1984 # Revision 1.79 2001/12/10 22:20:01 richard
1985 # Enabled transaction support in the bsddb backend. It uses the anydbm code
1986 # where possible, only replacing methods where the db is opened (it uses the
1987 # btree opener specifically.)
1988 # Also cleaned up some change note generation.
1989 # Made the backends package work with pydoc too.
1990 #
1991 # Revision 1.78 2001/12/07 05:59:27 rochecompaan
1992 # Fixed small bug that prevented adding issues through the web.
1993 #
1994 # Revision 1.77 2001/12/06 22:48:29 richard
1995 # files multilink was being nuked in post_edit_node
1996 #
1997 # Revision 1.76 2001/12/05 14:26:44 rochecompaan
1998 # Removed generation of change note from "sendmessage" in roundupdb.py.
1999 # The change note is now generated when the message is created.
2000 #
2001 # Revision 1.75 2001/12/04 01:25:08 richard
2002 # Added some rollbacks where we were catching exceptions that would otherwise
2003 # have stopped committing.
2004 #
2005 # Revision 1.74 2001/12/02 05:06:16 richard
2006 # . We now use weakrefs in the Classes to keep the database reference, so
2007 # the close() method on the database is no longer needed.
2008 # I bumped the minimum python requirement up to 2.1 accordingly.
2009 # . #487480 ] roundup-server
2010 # . #487476 ] INSTALL.txt
2011 #
2012 # I also cleaned up the change message / post-edit stuff in the cgi client.
2013 # There's now a clearly marked "TODO: append the change note" where I believe
2014 # the change note should be added there. The "changes" list will obviously
2015 # have to be modified to be a dict of the changes, or somesuch.
2016 #
2017 # More testing needed.
2018 #
2019 # Revision 1.73 2001/12/01 07:17:50 richard
2020 # . We now have basic transaction support! Information is only written to
2021 # the database when the commit() method is called. Only the anydbm
2022 # backend is modified in this way - neither of the bsddb backends have been.
2023 # The mail, admin and cgi interfaces all use commit (except the admin tool
2024 # doesn't have a commit command, so interactive users can't commit...)
2025 # . Fixed login/registration forwarding the user to the right page (or not,
2026 # on a failure)
2027 #
2028 # Revision 1.72 2001/11/30 20:47:58 rochecompaan
2029 # Links in page header are now consistent with default sort order.
2030 #
2031 # Fixed bugs:
2032 # - When login failed the list of issues were still rendered.
2033 # - User was redirected to index page and not to his destination url
2034 # if his first login attempt failed.
2035 #
2036 # Revision 1.71 2001/11/30 20:28:10 rochecompaan
2037 # Property changes are now completely traceable, whether changes are
2038 # made through the web or by email
2039 #
2040 # Revision 1.70 2001/11/30 00:06:29 richard
2041 # Converted roundup/cgi_client.py to use _()
2042 # Added the status file, I18N_PROGRESS.txt
2043 #
2044 # Revision 1.69 2001/11/29 23:19:51 richard
2045 # Removed the "This issue has been edited through the web" when a valid
2046 # change note is supplied.
2047 #
2048 # Revision 1.68 2001/11/29 04:57:23 richard
2049 # a little comment
2050 #
2051 # Revision 1.67 2001/11/28 21:55:35 richard
2052 # . login_action and newuser_action return values were being ignored
2053 # . Woohoo! Found that bloody re-login bug that was killing the mail
2054 # gateway.
2055 # (also a minor cleanup in hyperdb)
2056 #
2057 # Revision 1.66 2001/11/27 03:00:50 richard
2058 # couple of bugfixes from latest patch integration
2059 #
2060 # Revision 1.65 2001/11/26 23:00:53 richard
2061 # This config stuff is getting to be a real mess...
2062 #
2063 # Revision 1.64 2001/11/26 22:56:35 richard
2064 # typo
2065 #
2066 # Revision 1.63 2001/11/26 22:55:56 richard
2067 # Feature:
2068 # . Added INSTANCE_NAME to configuration - used in web and email to identify
2069 # the instance.
2070 # . Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
2071 # signature info in e-mails.
2072 # . Some more flexibility in the mail gateway and more error handling.
2073 # . Login now takes you to the page you back to the were denied access to.
2074 #
2075 # Fixed:
2076 # . Lots of bugs, thanks Roché and others on the devel mailing list!
2077 #
2078 # Revision 1.62 2001/11/24 00:45:42 jhermann
2079 # typeof() instead of type(): avoid clash with database field(?) "type"
2080 #
2081 # Fixes this traceback:
2082 #
2083 # Traceback (most recent call last):
2084 # File "roundup\cgi_client.py", line 535, in newnode
2085 # self._post_editnode(nid)
2086 # File "roundup\cgi_client.py", line 415, in _post_editnode
2087 # if type(value) != type([]): value = [value]
2088 # UnboundLocalError: local variable 'type' referenced before assignment
2089 #
2090 # Revision 1.61 2001/11/22 15:46:42 jhermann
2091 # Added module docstrings to all modules.
2092 #
2093 # Revision 1.60 2001/11/21 22:57:28 jhermann
2094 # Added dummy hooks for I18N and some preliminary (test) markup of
2095 # translatable messages
2096 #
2097 # Revision 1.59 2001/11/21 03:21:13 richard
2098 # oops
2099 #
2100 # Revision 1.58 2001/11/21 03:11:28 richard
2101 # Better handling of new properties.
2102 #
2103 # Revision 1.57 2001/11/15 10:24:27 richard
2104 # handle the case where there is no file attached
2105 #
2106 # Revision 1.56 2001/11/14 21:35:21 richard
2107 # . users may attach files to issues (and support in ext) through the web now
2108 #
2109 # Revision 1.55 2001/11/07 02:34:06 jhermann
2110 # Handling of damaged login cookies
2111 #
2112 # Revision 1.54 2001/11/07 01:16:12 richard
2113 # Remove the '=' padding from cookie value so quoting isn't an issue.
2114 #
2115 # Revision 1.53 2001/11/06 23:22:05 jhermann
2116 # More IE fixes: it does not like quotes around cookie values; in the
2117 # hope this does not break anything for other browser; if it does, we
2118 # need to check HTTP_USER_AGENT
2119 #
2120 # Revision 1.52 2001/11/06 23:11:22 jhermann
2121 # Fixed debug output in page footer; added expiry date to the login cookie
2122 # (expires 1 year in the future) to prevent probs with certain versions
2123 # of IE
2124 #
2125 # Revision 1.51 2001/11/06 22:00:34 jhermann
2126 # Get debug level from ROUNDUP_DEBUG env var
2127 #
2128 # Revision 1.50 2001/11/05 23:45:40 richard
2129 # Fixed newuser_action so it sets the cookie with the unencrypted password.
2130 # Also made it present nicer error messages (not tracebacks).
2131 #
2132 # Revision 1.49 2001/11/04 03:07:12 richard
2133 # Fixed various cookie-related bugs:
2134 # . bug #477685 ] base64.decodestring breaks
2135 # . bug #477837 ] lynx does not like the cookie
2136 # . bug #477892 ] Password edit doesn't fix login cookie
2137 # Also closed a security hole - a logged-in user could edit another user's
2138 # details.
2139 #
2140 # Revision 1.48 2001/11/03 01:30:18 richard
2141 # Oops. uses pagefoot now.
2142 #
2143 # Revision 1.47 2001/11/03 01:29:28 richard
2144 # Login page didn't have all close tags.
2145 #
2146 # Revision 1.46 2001/11/03 01:26:55 richard
2147 # possibly fix truncated base64'ed user:pass
2148 #
2149 # Revision 1.45 2001/11/01 22:04:37 richard
2150 # Started work on supporting a pop3-fetching server
2151 # Fixed bugs:
2152 # . bug #477104 ] HTML tag error in roundup-server
2153 # . bug #477107 ] HTTP header problem
2154 #
2155 # Revision 1.44 2001/10/28 23:03:08 richard
2156 # Added more useful header to the classic schema.
2157 #
2158 # Revision 1.43 2001/10/24 00:01:42 richard
2159 # More fixes to lockout logic.
2160 #
2161 # Revision 1.42 2001/10/23 23:56:03 richard
2162 # HTML typo
2163 #
2164 # Revision 1.41 2001/10/23 23:52:35 richard
2165 # Fixed lock-out logic, thanks Roch'e for pointing out the problems.
2166 #
2167 # Revision 1.40 2001/10/23 23:06:39 richard
2168 # Some cleanup.
2169 #
2170 # Revision 1.39 2001/10/23 01:00:18 richard
2171 # Re-enabled login and registration access after lopping them off via
2172 # disabling access for anonymous users.
2173 # Major re-org of the htmltemplate code, cleaning it up significantly. Fixed
2174 # a couple of bugs while I was there. Probably introduced a couple, but
2175 # things seem to work OK at the moment.
2176 #
2177 # Revision 1.38 2001/10/22 03:25:01 richard
2178 # Added configuration for:
2179 # . anonymous user access and registration (deny/allow)
2180 # . filter "widget" location on index page (top, bottom, both)
2181 # Updated some documentation.
2182 #
2183 # Revision 1.37 2001/10/21 07:26:35 richard
2184 # feature #473127: Filenames. I modified the file.index and htmltemplate
2185 # source so that the filename is used in the link and the creation
2186 # information is displayed.
2187 #
2188 # Revision 1.36 2001/10/21 04:44:50 richard
2189 # bug #473124: UI inconsistency with Link fields.
2190 # This also prompted me to fix a fairly long-standing usability issue -
2191 # that of being able to turn off certain filters.
2192 #
2193 # Revision 1.35 2001/10/21 00:17:54 richard
2194 # CGI interface view customisation section may now be hidden (patch from
2195 # Roch'e Compaan.)
2196 #
2197 # Revision 1.34 2001/10/20 11:58:48 richard
2198 # Catch errors in login - no username or password supplied.
2199 # Fixed editing of password (Password property type) thanks Roch'e Compaan.
2200 #
2201 # Revision 1.33 2001/10/17 00:18:41 richard
2202 # Manually constructing cookie headers now.
2203 #
2204 # Revision 1.32 2001/10/16 03:36:21 richard
2205 # CGI interface wasn't handling checkboxes at all.
2206 #
2207 # Revision 1.31 2001/10/14 10:55:00 richard
2208 # Handle empty strings in HTML template Link function
2209 #
2210 # Revision 1.30 2001/10/09 07:38:58 richard
2211 # Pushed the base code for the extended schema CGI interface back into the
2212 # code cgi_client module so that future updates will be less painful.
2213 # Also removed a debugging print statement from cgi_client.
2214 #
2215 # Revision 1.29 2001/10/09 07:25:59 richard
2216 # Added the Password property type. See "pydoc roundup.password" for
2217 # implementation details. Have updated some of the documentation too.
2218 #
2219 # Revision 1.28 2001/10/08 00:34:31 richard
2220 # Change message was stuffing up for multilinks with no key property.
2221 #
2222 # Revision 1.27 2001/10/05 02:23:24 richard
2223 # . roundup-admin create now prompts for property info if none is supplied
2224 # on the command-line.
2225 # . hyperdb Class getprops() method may now return only the mutable
2226 # properties.
2227 # . Login now uses cookies, which makes it a whole lot more flexible. We can
2228 # now support anonymous user access (read-only, unless there's an
2229 # "anonymous" user, in which case write access is permitted). Login
2230 # handling has been moved into cgi_client.Client.main()
2231 # . The "extended" schema is now the default in roundup init.
2232 # . The schemas have had their page headings modified to cope with the new
2233 # login handling. Existing installations should copy the interfaces.py
2234 # file from the roundup lib directory to their instance home.
2235 # . Incorrectly had a Bizar Software copyright on the cgitb.py module from
2236 # Ping - has been removed.
2237 # . Fixed a whole bunch of places in the CGI interface where we should have
2238 # been returning Not Found instead of throwing an exception.
2239 # . Fixed a deviation from the spec: trying to modify the 'id' property of
2240 # an item now throws an exception.
2241 #
2242 # Revision 1.26 2001/09/12 08:31:42 richard
2243 # handle cases where mime type is not guessable
2244 #
2245 # Revision 1.25 2001/08/29 05:30:49 richard
2246 # change messages weren't being saved when there was no-one on the nosy list.
2247 #
2248 # Revision 1.24 2001/08/29 04:49:39 richard
2249 # didn't clean up fully after debugging :(
2250 #
2251 # Revision 1.23 2001/08/29 04:47:18 richard
2252 # Fixed CGI client change messages so they actually include the properties
2253 # changed (again).
2254 #
2255 # Revision 1.22 2001/08/17 00:08:10 richard
2256 # reverted back to sending messages always regardless of who is doing the web
2257 # edit. change notes weren't being saved. bleah. hackish.
2258 #
2259 # Revision 1.21 2001/08/15 23:43:18 richard
2260 # Fixed some isFooTypes that I missed.
2261 # Refactored some code in the CGI code.
2262 #
2263 # Revision 1.20 2001/08/12 06:32:36 richard
2264 # using isinstance(blah, Foo) now instead of isFooType
2265 #
2266 # Revision 1.19 2001/08/07 00:24:42 richard
2267 # stupid typo
2268 #
2269 # Revision 1.18 2001/08/07 00:15:51 richard
2270 # Added the copyright/license notice to (nearly) all files at request of
2271 # Bizar Software.
2272 #
2273 # Revision 1.17 2001/08/02 06:38:17 richard
2274 # Roundupdb now appends "mailing list" information to its messages which
2275 # include the e-mail address and web interface address. Templates may
2276 # override this in their db classes to include specific information (support
2277 # instructions, etc).
2278 #
2279 # Revision 1.16 2001/08/02 05:55:25 richard
2280 # Web edit messages aren't sent to the person who did the edit any more. No
2281 # message is generated if they are the only person on the nosy list.
2282 #
2283 # Revision 1.15 2001/08/02 00:34:10 richard
2284 # bleah syntax error
2285 #
2286 # Revision 1.14 2001/08/02 00:26:16 richard
2287 # Changed the order of the information in the message generated by web edits.
2288 #
2289 # Revision 1.13 2001/07/30 08:12:17 richard
2290 # Added time logging and file uploading to the templates.
2291 #
2292 # Revision 1.12 2001/07/30 06:26:31 richard
2293 # Added some documentation on how the newblah works.
2294 #
2295 # Revision 1.11 2001/07/30 06:17:45 richard
2296 # Features:
2297 # . Added ability for cgi newblah forms to indicate that the new node
2298 # should be linked somewhere.
2299 # Fixed:
2300 # . Fixed the agument handling for the roundup-admin find command.
2301 # . Fixed handling of summary when no note supplied for newblah. Again.
2302 # . Fixed detection of no form in htmltemplate Field display.
2303 #
2304 # Revision 1.10 2001/07/30 02:37:34 richard
2305 # Temporary measure until we have decent schema migration...
2306 #
2307 # Revision 1.9 2001/07/30 01:25:07 richard
2308 # Default implementation is now "classic" rather than "extended" as one would
2309 # expect.
2310 #
2311 # Revision 1.8 2001/07/29 08:27:40 richard
2312 # Fixed handling of passed-in values in form elements (ie. during a
2313 # drill-down)
2314 #
2315 # Revision 1.7 2001/07/29 07:01:39 richard
2316 # Added vim command to all source so that we don't get no steenkin' tabs :)
2317 #
2318 # Revision 1.6 2001/07/29 04:04:00 richard
2319 # Moved some code around allowing for subclassing to change behaviour.
2320 #
2321 # Revision 1.5 2001/07/28 08:16:52 richard
2322 # New issue form handles lack of note better now.
2323 #
2324 # Revision 1.4 2001/07/28 00:34:34 richard
2325 # Fixed some non-string node ids.
2326 #
2327 # Revision 1.3 2001/07/23 03:56:30 richard
2328 # oops, missed a config removal
2329 #
2330 # Revision 1.2 2001/07/22 12:09:32 richard
2331 # Final commit of Grande Splite
2332 #
2333 # Revision 1.1 2001/07/22 11:58:35 richard
2334 # More Grande Splite
2335 #
2336 #
2337 # vim: set filetype=python ts=4 sw=4 et si