1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: cgi_client.py,v 1.152 2002-07-31 22:04:14 richard Exp $
20 __doc__ = """
21 WWW request handler (also used in the stand-alone server).
22 """
24 import os, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
25 import binascii, Cookie, time, random
27 import roundupdb, htmltemplate, date, hyperdb, password
28 from roundup.i18n import _
30 class Unauthorised(ValueError):
31 pass
33 class NotFound(ValueError):
34 pass
36 def initialiseSecurity(security):
37 ''' Create some Permissions and Roles on the security object
39 This function is directly invoked by security.Security.__init__()
40 as a part of the Security object instantiation.
41 '''
42 security.addPermission(name="Web Registration",
43 description="User may register through the web")
45 # doing Role stuff through the web - make sure Admin can
46 p = security.addPermission(name="Web Roles",
47 description="User may manipulate user Roles through the web")
48 security.addPermissionToRole('Admin', p)
50 class Client:
51 '''
52 A note about login
53 ------------------
55 If the user has no login cookie, then they are anonymous. There
56 are two levels of anonymous use. If there is no 'anonymous' user, there
57 is no login at all and the database is opened in read-only mode. If the
58 'anonymous' user exists, the user is logged in using that user (though
59 there is no cookie). This allows them to modify the database, and all
60 modifications are attributed to the 'anonymous' user.
62 Once a user logs in, they are assigned a session. The Client instance
63 keeps the nodeid of the session as the "session" attribute.
64 '''
66 def __init__(self, instance, request, env, form=None):
67 hyperdb.traceMark()
68 self.instance = instance
69 self.request = request
70 self.env = env
71 self.path = env['PATH_INFO']
72 self.split_path = self.path.split('/')
73 self.instance_path_name = env['INSTANCE_NAME']
74 url = self.env['SCRIPT_NAME'] + '/'
75 machine = self.env['SERVER_NAME']
76 port = self.env['SERVER_PORT']
77 if port != '80': machine = machine + ':' + port
78 self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
79 None, None, None))
81 if form is None:
82 self.form = cgi.FieldStorage(environ=env)
83 else:
84 self.form = form
85 self.headers_done = 0
86 try:
87 self.debug = int(env.get("ROUNDUP_DEBUG", 0))
88 except ValueError:
89 # someone gave us a non-int debug level, turn it off
90 self.debug = 0
92 def getuid(self):
93 try:
94 return self.db.user.lookup(self.user)
95 except KeyError:
96 if self.user is None:
97 # user is not logged in and username 'anonymous' doesn't
98 # exist in the database
99 err = _('anonymous users have read-only access only')
100 else:
101 err = _("sanity check: unknown user name `%s'")%self.user
102 raise Unauthorised, errmsg
104 def header(self, headers=None, response=200):
105 '''Put up the appropriate header.
106 '''
107 if headers is None:
108 headers = {'Content-Type':'text/html'}
109 if not headers.has_key('Content-Type'):
110 headers['Content-Type'] = 'text/html'
111 self.request.send_response(response)
112 for entry in headers.items():
113 self.request.send_header(*entry)
114 self.request.end_headers()
115 self.headers_done = 1
116 if self.debug:
117 self.headers_sent = headers
119 global_javascript = '''
120 <script language="javascript">
121 submitted = false;
122 function submit_once() {
123 if (submitted) {
124 alert("Your request is being processed.\\nPlease be patient.");
125 return 0;
126 }
127 submitted = true;
128 return 1;
129 }
131 function help_window(helpurl, width, height) {
132 HelpWin = window.open('%(base)s%(instance_path_name)s/' + helpurl, 'RoundupHelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width);
133 }
135 </script>
136 '''
137 def make_index_link(self, name):
138 '''Turn a configuration entry into a hyperlink...
139 '''
140 # get the link label and spec
141 spec = getattr(self.instance, name+'_INDEX')
143 d = {}
144 d[':sort'] = ','.join(map(urllib.quote, spec['SORT']))
145 d[':group'] = ','.join(map(urllib.quote, spec['GROUP']))
146 d[':filter'] = ','.join(map(urllib.quote, spec['FILTER']))
147 d[':columns'] = ','.join(map(urllib.quote, spec['COLUMNS']))
148 d[':pagesize'] = spec.get('PAGESIZE','50')
150 # snarf the filterspec
151 filterspec = spec['FILTERSPEC'].copy()
153 # now format the filterspec
154 for k, l in filterspec.items():
155 # fix up the CURRENT USER if needed (handle None too since that's
156 # the old flag value)
157 if l in (None, 'CURRENT USER'):
158 if not self.user:
159 continue
160 l = [self.db.user.lookup(self.user)]
162 # add
163 d[urllib.quote(k)] = ','.join(map(urllib.quote, l))
165 # finally, format the URL
166 return '<a href="%s?%s">%s</a>'%(spec['CLASS'],
167 '&'.join([k+'='+v for k,v in d.items()]), spec['LABEL'])
170 def pagehead(self, title, message=None):
171 '''Display the page heading, with information about the tracker and
172 links to more information
173 '''
175 # include any important message
176 if message is not None:
177 message = _('<div class="system-msg">%(message)s</div>')%locals()
178 else:
179 message = ''
181 # style sheet (CSS)
182 style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
184 # figure who the user is
185 user_name = self.user
186 userid = self.db.user.lookup(user_name)
188 # figure all the header links
189 if hasattr(self.instance, 'HEADER_INDEX_LINKS'):
190 links = []
191 for name in self.instance.HEADER_INDEX_LINKS:
192 spec = getattr(self.instance, name + '_INDEX')
193 # skip if we need to fill in the logged-in user id and
194 # we're anonymous
195 if (spec['FILTERSPEC'].has_key('assignedto') and
196 spec['FILTERSPEC']['assignedto'] in ('CURRENT USER',
197 None) and user_name == 'anonymous'):
198 continue
199 links.append(self.make_index_link(name))
200 else:
201 # no config spec - hard-code
202 links = [
203 _('All <a href="issue?status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>'),
204 _('Unassigned <a href="issue?assignedto=-1&status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status,assignedto&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>')
205 ]
207 user_info = _('<a href="login">Login</a>')
208 add_links = ''
209 if user_name != 'anonymous':
210 # add any personal queries to the menu
211 try:
212 queries = self.db.getclass('query')
213 except KeyError:
214 # no query class
215 queries = self.instance.dbinit.Class(self.db, "query",
216 klass=hyperdb.String(), name=hyperdb.String(),
217 url=hyperdb.String())
218 queries.setkey('name')
219 #queries.disableJournalling()
220 try:
221 qids = self.db.getclass('user').get(userid, 'queries')
222 except KeyError, e:
223 #self.db.getclass('user').addprop(queries=hyperdb.Multilink('query'))
224 qids = []
225 for qid in qids:
226 links.append('<a href=%s?%s>%s</a>'%(queries.get(qid, 'klass'),
227 queries.get(qid, 'url'), queries.get(qid, 'name')))
229 # if they're logged in, include links to their information,
230 # and the ability to add an issue
231 user_info = _('''
232 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
233 ''')%locals()
235 # figure the "add class" links
236 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
237 classes = self.instance.HEADER_ADD_LINKS
238 else:
239 classes = ['issue']
240 l = []
241 for class_name in classes:
242 # make sure the user has permission to add
243 if not self.db.security.hasPermission('Edit', userid, class_name):
244 continue
245 cap_class = class_name.capitalize()
246 links.append(_('Add <a href="new%(class_name)s">'
247 '%(cap_class)s</a>')%locals())
249 # if the user can edit everything, include the links
250 admin_links = ''
251 userid = self.db.user.lookup(user_name)
252 if self.db.security.hasPermission('Edit', userid):
253 links.append(_('<a href="list_classes">Class List</a>'))
254 links.append(_('<a href="user?:sort=username&:group=roles">User List</a>'))
255 links.append(_('<a href="newuser">Add User</a>'))
257 # add the search links
258 if hasattr(self.instance, 'HEADER_SEARCH_LINKS'):
259 classes = self.instance.HEADER_SEARCH_LINKS
260 else:
261 classes = ['issue']
262 l = []
263 for class_name in classes:
264 # make sure the user has permission to view
265 if not self.db.security.hasPermission('View', userid, class_name):
266 continue
267 cap_class = class_name.capitalize()
268 links.append(_('Search <a href="search%(class_name)s">'
269 '%(cap_class)s</a>')%locals())
271 # now we have all the links, join 'em
272 links = '\n | '.join(links)
274 # include the javascript bit
275 global_javascript = self.global_javascript%self.__dict__
277 # finally, format the header
278 self.write(_('''<html><head>
279 <title>%(title)s</title>
280 <style type="text/css">%(style)s</style>
281 </head>
282 %(global_javascript)s
283 <body bgcolor=#ffffff>
284 %(message)s
285 <table width=100%% border=0 cellspacing=0 cellpadding=2>
286 <tr class="location-bar">
287 <td><big><strong>%(title)s</strong></big></td>
288 <td align=right valign=bottom>%(user_name)s</td>
289 </tr>
290 <tr class="location-bar">
291 <td align=left>%(links)s</td>
292 <td align=right>%(user_info)s</td>
293 </tr>
294 </table><br>
295 ''')%locals())
297 def pagefoot(self):
298 if self.debug:
299 self.write(_('<hr><small><dl><dt><b>Path</b></dt>'))
300 self.write('<dd>%s</dd>'%(', '.join(map(repr, self.split_path))))
301 keys = self.form.keys()
302 keys.sort()
303 if keys:
304 self.write(_('<dt><b>Form entries</b></dt>'))
305 for k in self.form.keys():
306 v = self.form.getvalue(k, "<empty>")
307 if type(v) is type([]):
308 # Multiple username fields specified
309 v = "|".join(v)
310 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
311 keys = self.headers_sent.keys()
312 keys.sort()
313 self.write(_('<dt><b>Sent these HTTP headers</b></dt>'))
314 for k in keys:
315 v = self.headers_sent[k]
316 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
317 keys = self.env.keys()
318 keys.sort()
319 self.write(_('<dt><b>CGI environment</b></dt>'))
320 for k in keys:
321 v = self.env[k]
322 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
323 self.write('</dl></small>')
324 self.write('</body></html>')
326 def write(self, content):
327 if not self.headers_done:
328 self.header()
329 self.request.wfile.write(content)
331 def index_arg(self, arg):
332 ''' handle the args to index - they might be a list from the form
333 (ie. submitted from a form) or they might be a command-separated
334 single string (ie. manually constructed GET args)
335 '''
336 if self.form.has_key(arg):
337 arg = self.form[arg]
338 if type(arg) == type([]):
339 return [arg.value for arg in arg]
340 return arg.value.split(',')
341 return []
343 def index_sort(self):
344 # first try query string
345 x = self.index_arg(':sort')
346 if x:
347 return x
348 # nope - get the specs out of the form
349 specs = []
350 for colnm in self.db.getclass(self.classname).getprops().keys():
351 desc = ''
352 try:
353 spec = self.form[':%s_ss' % colnm]
354 except KeyError:
355 continue
356 spec = spec.value
357 if spec:
358 if spec[-1] == '-':
359 desc='-'
360 spec = spec[0]
361 specs.append((int(spec), colnm, desc))
362 specs.sort()
363 x = []
364 for _, colnm, desc in specs:
365 x.append('%s%s' % (desc, colnm))
366 return x
368 def index_filterspec(self, filter, classname=None):
369 ''' pull the index filter spec from the form
371 Links and multilinks want to be lists - the rest are straight
372 strings.
373 '''
374 if classname is None:
375 classname = self.classname
376 klass = self.db.getclass(classname)
377 filterspec = {}
378 props = klass.getprops()
379 for colnm in filter:
380 widget = ':%s_fs' % colnm
381 try:
382 val = self.form[widget]
383 except KeyError:
384 try:
385 val = self.form[colnm]
386 except KeyError:
387 # they checked the filter box but didn't enter a value
388 continue
389 propdescr = props.get(colnm, None)
390 if propdescr is None:
391 print "huh? %r is in filter & form, but not in Class!" % colnm
392 raise "butthead programmer"
393 if (isinstance(propdescr, hyperdb.Link) or
394 isinstance(propdescr, hyperdb.Multilink)):
395 if type(val) == type([]):
396 val = [arg.value for arg in val]
397 else:
398 val = val.value.split(',')
399 l = filterspec.get(colnm, [])
400 l = l + val
401 filterspec[colnm] = l
402 else:
403 filterspec[colnm] = val.value
405 return filterspec
407 def customization_widget(self):
408 ''' The customization widget is visible by default. The widget
409 visibility is remembered by show_customization. Visibility
410 is not toggled if the action value is "Redisplay"
411 '''
412 if not self.form.has_key('show_customization'):
413 visible = 1
414 else:
415 visible = int(self.form['show_customization'].value)
416 if self.form.has_key('action'):
417 if self.form['action'].value != 'Redisplay':
418 visible = self.form['action'].value == '+'
420 return visible
422 # TODO: make this go away some day...
423 default_index_sort = ['-activity']
424 default_index_group = ['priority']
425 default_index_filter = ['status']
426 default_index_columns = ['id','activity','title','status','assignedto']
427 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
428 default_pagesize = '50'
430 def _get_customisation_info(self):
431 # see if the web has supplied us with any customisation info
432 for key in ':sort', ':group', ':filter', ':columns', ':pagesize':
433 if self.form.has_key(key):
434 # make list() extract the info from the CGI environ
435 self.classname = 'issue'
436 sort = group = filter = columns = filterspec = pagesize = None
437 break
438 else:
439 # TODO: look up the session first
440 # try the instance config first
441 if hasattr(self.instance, 'DEFAULT_INDEX'):
442 d = self.instance.DEFAULT_INDEX
443 self.classname = d['CLASS']
444 sort = d['SORT']
445 group = d['GROUP']
446 filter = d['FILTER']
447 columns = d['COLUMNS']
448 filterspec = d['FILTERSPEC']
449 pagesize = d.get('PAGESIZE', '50')
450 else:
451 # nope - fall back on the old way of doing it
452 self.classname = 'issue'
453 sort = self.default_index_sort
454 group = self.default_index_group
455 filter = self.default_index_filter
456 columns = self.default_index_columns
457 filterspec = self.default_index_filterspec
458 pagesize = self.default_pagesize
459 return columns, filter, group, sort, filterspec, pagesize
461 def index(self):
462 ''' put up an index - no class specified
463 '''
464 columns, filter, group, sort, filterspec, pagesize = \
465 self._get_customisation_info()
466 return self.list(columns=columns, filter=filter, group=group,
467 sort=sort, filterspec=filterspec, pagesize=pagesize)
469 def searchnode(self):
470 columns, filter, group, sort, filterspec, pagesize = \
471 self._get_customisation_info()
472 cn = self.classname
473 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
474 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
475 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
476 self.write('<form onSubmit="return submit_once()" action="%s">\n'%self.classname)
477 all_columns = self.db.getclass(cn).getprops().keys()
478 all_columns.sort()
479 index.filter_section('', filter, columns, group, all_columns, sort,
480 filterspec, pagesize, 0)
481 self.pagefoot()
482 index.db = index.cl = index.properties = None
483 index.clear()
485 # XXX deviates from spec - loses the '+' (that's a reserved character
486 # in URLS
487 def list(self, sort=None, group=None, filter=None, columns=None,
488 filterspec=None, show_customization=None, show_nodes=1,
489 pagesize=None):
490 ''' call the template index with the args
492 :sort - sort by prop name, optionally preceeded with '-'
493 to give descending or nothing for ascending sorting.
494 :group - group by prop name, optionally preceeded with '-' or
495 to sort in descending or nothing for ascending order.
496 :filter - selects which props should be displayed in the filter
497 section. Default is all.
498 :columns - selects the columns that should be displayed.
499 Default is all.
501 '''
502 cn = self.classname
503 cl = self.db.classes[cn]
504 if sort is None: sort = self.index_sort()
505 if group is None: group = self.index_arg(':group')
506 if filter is None: filter = self.index_arg(':filter')
507 if columns is None: columns = self.index_arg(':columns')
508 if filterspec is None: filterspec = self.index_filterspec(filter)
509 if show_customization is None:
510 show_customization = self.customization_widget()
511 if self.form.has_key('search_text'):
512 search_text = self.form['search_text'].value
513 else:
514 search_text = ''
515 if pagesize is None:
516 if self.form.has_key(':pagesize'):
517 pagesize = self.form[':pagesize'].value
518 else:
519 pagesize = '50'
520 pagesize = int(pagesize)
521 if self.form.has_key(':startwith'):
522 startwith = int(self.form[':startwith'].value)
523 else:
524 startwith = 0
526 if self.form.has_key('Query') and self.form['Query'].value == 'Save':
527 # format a query string
528 qd = {}
529 qd[':sort'] = ','.join(map(urllib.quote, sort))
530 qd[':group'] = ','.join(map(urllib.quote, group))
531 qd[':filter'] = ','.join(map(urllib.quote, filter))
532 qd[':columns'] = ','.join(map(urllib.quote, columns))
533 for k, l in filterspec.items():
534 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
535 url = '&'.join([k+'='+v for k,v in qd.items()])
536 url += '&:pagesize=%s' % pagesize
537 if search_text:
538 url += '&search_text=%s' % search_text
540 # create a query
541 d = {}
542 d['name'] = nm = self.form[':name'].value
543 if not nm:
544 d['name'] = nm = 'New Query'
545 d['klass'] = self.form[':classname'].value
546 d['url'] = url
547 qid = self.db.getclass('query').create(**d)
549 # and add it to the user's query multilink
550 uid = self.getuid()
551 usercl = self.db.getclass('user')
552 queries = usercl.get(uid, 'queries')
553 queries.append(qid)
554 usercl.set(uid, queries=queries)
556 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
557 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
559 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
560 try:
561 index.render(filterspec, search_text, filter, columns, sort,
562 group, show_customization=show_customization,
563 show_nodes=show_nodes, pagesize=pagesize, startwith=startwith)
564 except htmltemplate.MissingTemplateError:
565 self.basicClassEditPage()
566 self.pagefoot()
568 def basicClassEditPage(self):
569 '''Display a basic edit page that allows simple editing of the
570 nodes of the current class
571 '''
572 userid = self.db.user.lookup(self.user)
573 if not self.db.security.hasPermission('Edit', userid):
574 raise Unauthorised, _("You do not have permission to access"\
575 " %(action)s.")%{'action': self.classname}
576 w = self.write
577 cn = self.classname
578 cl = self.db.classes[cn]
579 idlessprops = cl.getprops(protected=0).keys()
580 props = ['id'] + idlessprops
582 # get the CSV module
583 try:
584 import csv
585 except ImportError:
586 w(_('Sorry, you need the csv module to use this function.<br>\n'
587 'Get it from: <a href="http://www.object-craft.com.au/projects/csv/">http://www.object-craft.com.au/projects/csv/'))
588 return
590 # do the edit
591 if self.form.has_key('rows'):
592 rows = self.form['rows'].value.splitlines()
593 p = csv.parser()
594 found = {}
595 line = 0
596 for row in rows:
597 line += 1
598 values = p.parse(row)
599 # not a complete row, keep going
600 if not values: continue
602 # extract the nodeid
603 nodeid, values = values[0], values[1:]
604 found[nodeid] = 1
606 # confirm correct weight
607 if len(idlessprops) != len(values):
608 w(_('Not enough values on line %(line)s'%{'line':line}))
609 return
611 # extract the new values
612 d = {}
613 for name, value in zip(idlessprops, values):
614 value = value.strip()
615 # only add the property if it has a value
616 if value:
617 # if it's a multilink, split it
618 if isinstance(cl.properties[name], hyperdb.Multilink):
619 value = value.split(':')
620 d[name] = value
622 # perform the edit
623 if cl.hasnode(nodeid):
624 # edit existing
625 cl.set(nodeid, **d)
626 else:
627 # new node
628 found[cl.create(**d)] = 1
630 # retire the removed entries
631 for nodeid in cl.list():
632 if not found.has_key(nodeid):
633 cl.retire(nodeid)
635 w(_('''<p class="form-help">You may edit the contents of the
636 "%(classname)s" class using this form. Commas, newlines and double
637 quotes (") must be handled delicately. You may include commas and
638 newlines by enclosing the values in double-quotes ("). Double
639 quotes themselves must be quoted by doubling ("").</p>
640 <p class="form-help">Multilink properties have their multiple
641 values colon (":") separated (... ,"one:two:three", ...)</p>
642 <p class="form-help">Remove entries by deleting their line. Add
643 new entries by appending
644 them to the table - put an X in the id column.</p>''')%{'classname':cn})
646 l = []
647 for name in props:
648 l.append(name)
649 w('<tt>')
650 w(', '.join(l) + '\n')
651 w('</tt>')
653 w('<form onSubmit="return submit_once()" method="POST">')
654 w('<textarea name="rows" cols=80 rows=15>')
655 p = csv.parser()
656 for nodeid in cl.list():
657 l = []
658 for name in props:
659 value = cl.get(nodeid, name)
660 if value is None:
661 l.append('')
662 elif isinstance(value, type([])):
663 l.append(cgi.escape(':'.join(map(str, value))))
664 else:
665 l.append(cgi.escape(str(cl.get(nodeid, name))))
666 w(p.join(l) + '\n')
668 w(_('</textarea><br><input type="submit" value="Save Changes"></form>'))
670 def classhelp(self):
671 '''Display a table of class info
672 '''
673 w = self.write
674 cn = self.form['classname'].value
675 cl = self.db.classes[cn]
676 props = self.form['properties'].value.split(',')
677 if cl.labelprop(1) in props:
678 sort = [cl.labelprop(1)]
679 else:
680 sort = props[0]
682 w('<table border=1 cellspacing=0 cellpaddin=2>')
683 w('<tr>')
684 for name in props:
685 w('<th align=left>%s</th>'%name)
686 w('</tr>')
687 for nodeid in cl.filter(None, {}, sort, []):
688 w('<tr>')
689 for name in props:
690 value = cgi.escape(str(cl.get(nodeid, name)))
691 w('<td align="left" valign="top">%s</td>'%value)
692 w('</tr>')
693 w('</table>')
695 def shownode(self, message=None, num_re=re.compile('^\d+$')):
696 ''' display an item
697 '''
698 cn = self.classname
699 cl = self.db.classes[cn]
700 if self.form.has_key(':multilink'):
701 link = self.form[':multilink'].value
702 designator, linkprop = link.split(':')
703 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
704 else:
705 xtra = ''
707 # possibly perform an edit
708 keys = self.form.keys()
709 # don't try to set properties if the user has just logged in
710 if keys and not self.form.has_key('__login_name'):
711 try:
712 userid = self.db.user.lookup(self.user)
713 if not self.db.security.hasPermission('Edit', userid, cn):
714 message = _('You do not have permission to edit %s' %cn)
715 else:
716 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
717 # make changes to the node
718 self._changenode(props)
719 # handle linked nodes
720 self._post_editnode(self.nodeid)
721 # and some nice feedback for the user
722 if props:
723 message = _('%(changes)s edited ok')%{'changes':
724 ', '.join(props.keys())}
725 elif self.form.has_key('__note') and self.form['__note'].value:
726 message = _('note added')
727 elif (self.form.has_key('__file') and
728 self.form['__file'].filename):
729 message = _('file added')
730 else:
731 message = _('nothing changed')
732 except:
733 self.db.rollback()
734 s = StringIO.StringIO()
735 traceback.print_exc(None, s)
736 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
738 # now the display
739 id = self.nodeid
740 if cl.getkey():
741 id = cl.get(id, cl.getkey())
742 self.pagehead('%s: %s %s'%(self.classname.capitalize(), id, xtra),
743 message)
745 nodeid = self.nodeid
747 # use the template to display the item
748 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
749 self.classname)
750 item.render(nodeid)
752 self.pagefoot()
753 showissue = shownode
754 showmsg = shownode
755 searchissue = searchnode
757 def showquery(self):
758 queries = self.db.getclass(self.classname)
759 if self.form.keys():
760 sort = self.index_sort()
761 group = self.index_arg(':group')
762 filter = self.index_arg(':filter')
763 columns = self.index_arg(':columns')
764 filterspec = self.index_filterspec(filter, queries.get(self.nodeid, 'klass'))
765 if self.form.has_key('search_text'):
766 search_text = self.form['search_text'].value
767 else:
768 search_text = ''
769 if self.form.has_key(':pagesize'):
770 pagesize = int(self.form[':pagesize'].value)
771 else:
772 pagesize = 50
773 # format a query string
774 qd = {}
775 qd[':sort'] = ','.join(map(urllib.quote, sort))
776 qd[':group'] = ','.join(map(urllib.quote, group))
777 qd[':filter'] = ','.join(map(urllib.quote, filter))
778 qd[':columns'] = ','.join(map(urllib.quote, columns))
779 for k, l in filterspec.items():
780 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
781 url = '&'.join([k+'='+v for k,v in qd.items()])
782 url += '&:pagesize=%s' % pagesize
783 if search_text:
784 url += '&search_text=%s' % search_text
785 qname = self.form['name'].value
786 chgd = []
787 if qname != queries.get(self.nodeid, 'name'):
788 chgd.append('name')
789 if url != queries.get(self.nodeid, 'url'):
790 chgd.append('url')
791 if chgd:
792 queries.set(self.nodeid, name=qname, url=url)
793 message = _('%(changes)s edited ok')%{'changes': ', '.join(chgd)}
794 else:
795 message = _('nothing changed')
796 else:
797 message = None
798 nm = queries.get(self.nodeid, 'name')
799 self.pagehead('%s: %s'%(self.classname.capitalize(), nm), message)
801 # use the template to display the item
802 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
803 self.classname)
804 item.render(self.nodeid)
805 self.pagefoot()
807 def _changenode(self, props):
808 ''' change the node based on the contents of the form
809 '''
810 cl = self.db.classes[self.classname]
812 # create the message
813 message, files = self._handle_message()
814 if message:
815 props['messages'] = cl.get(self.nodeid, 'messages') + [message]
816 if files:
817 props['files'] = cl.get(self.nodeid, 'files') + files
819 # make the changes
820 cl.set(self.nodeid, **props)
822 def _createnode(self):
823 ''' create a node based on the contents of the form
824 '''
825 cl = self.db.classes[self.classname]
826 props = parsePropsFromForm(self.db, cl, self.form)
828 # check for messages and files
829 message, files = self._handle_message()
830 if message:
831 props['messages'] = [message]
832 if files:
833 props['files'] = files
834 # create the node and return it's id
835 return cl.create(**props)
837 def _handle_message(self):
838 ''' generate an edit message
839 '''
840 # handle file attachments
841 files = []
842 if self.form.has_key('__file'):
843 file = self.form['__file']
844 if file.filename:
845 filename = file.filename.split('\\')[-1]
846 mime_type = mimetypes.guess_type(filename)[0]
847 if not mime_type:
848 mime_type = "application/octet-stream"
849 # create the new file entry
850 files.append(self.db.file.create(type=mime_type,
851 name=filename, content=file.file.read()))
853 # we don't want to do a message if none of the following is true...
854 cn = self.classname
855 cl = self.db.classes[self.classname]
856 props = cl.getprops()
857 note = None
858 # in a nutshell, don't do anything if there's no note or there's no
859 # NOSY
860 if self.form.has_key('__note'):
861 note = self.form['__note'].value.strip()
862 if not note:
863 return None, files
864 if not props.has_key('messages'):
865 return None, files
866 if not isinstance(props['messages'], hyperdb.Multilink):
867 return None, files
868 if not props['messages'].classname == 'msg':
869 return None, files
870 if not (self.form.has_key('nosy') or note):
871 return None, files
873 # handle the note
874 if '\n' in note:
875 summary = re.split(r'\n\r?', note)[0]
876 else:
877 summary = note
878 m = ['%s\n'%note]
880 # handle the messageid
881 # TODO: handle inreplyto
882 messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
883 self.classname, self.instance.MAIL_DOMAIN)
885 # now create the message, attaching the files
886 content = '\n'.join(m)
887 message_id = self.db.msg.create(author=self.getuid(),
888 recipients=[], date=date.Date('.'), summary=summary,
889 content=content, files=files, messageid=messageid)
891 # update the messages property
892 return message_id, files
894 def _post_editnode(self, nid):
895 '''Do the linking part of the node creation.
897 If a form element has :link or :multilink appended to it, its
898 value specifies a node designator and the property on that node
899 to add _this_ node to as a link or multilink.
901 This is typically used on, eg. the file upload page to indicated
902 which issue to link the file to.
904 TODO: I suspect that this and newfile will go away now that
905 there's the ability to upload a file using the issue __file form
906 element!
907 '''
908 cn = self.classname
909 cl = self.db.classes[cn]
910 # link if necessary
911 keys = self.form.keys()
912 for key in keys:
913 if key == ':multilink':
914 value = self.form[key].value
915 if type(value) != type([]): value = [value]
916 for value in value:
917 designator, property = value.split(':')
918 link, nodeid = hyperdb.splitDesignator(designator)
919 link = self.db.classes[link]
920 # take a dupe of the list so we're not changing the cache
921 value = link.get(nodeid, property)[:]
922 value.append(nid)
923 link.set(nodeid, **{property: value})
924 elif key == ':link':
925 value = self.form[key].value
926 if type(value) != type([]): value = [value]
927 for value in value:
928 designator, property = value.split(':')
929 link, nodeid = hyperdb.splitDesignator(designator)
930 link = self.db.classes[link]
931 link.set(nodeid, **{property: nid})
933 def newnode(self, message=None):
934 ''' Add a new node to the database.
936 The form works in two modes: blank form and submission (that is,
937 the submission goes to the same URL). **Eventually this means that
938 the form will have previously entered information in it if
939 submission fails.
941 The new node will be created with the properties specified in the
942 form submission. For multilinks, multiple form entries are handled,
943 as are prop=value,value,value. You can't mix them though.
945 If the new node is to be referenced from somewhere else immediately
946 (ie. the new node is a file that is to be attached to a support
947 issue) then supply one of these arguments in addition to the usual
948 form entries:
949 :link=designator:property
950 :multilink=designator:property
951 ... which means that once the new node is created, the "property"
952 on the node given by "designator" should now reference the new
953 node's id. The node id will be appended to the multilink.
954 '''
955 cn = self.classname
956 userid = self.db.user.lookup(self.user)
957 if not self.db.security.hasPermission('View', userid, cn):
958 raise Unauthorised, _("You do not have permission to access"\
959 " %(action)s.")%{'action': self.classname}
960 cl = self.db.classes[cn]
961 if self.form.has_key(':multilink'):
962 link = self.form[':multilink'].value
963 designator, linkprop = link.split(':')
964 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
965 else:
966 xtra = ''
968 # possibly perform a create
969 keys = self.form.keys()
970 if [i for i in keys if i[0] != ':']:
971 # no dice if you can't edit!
972 if not self.db.security.hasPermission('Edit', userid, cn):
973 raise Unauthorised, _("You do not have permission to access"\
974 " %(action)s.")%{'action': 'new'+self.classname}
975 props = {}
976 try:
977 nid = self._createnode()
978 # handle linked nodes
979 self._post_editnode(nid)
980 # and some nice feedback for the user
981 message = _('%(classname)s created ok')%{'classname': cn}
983 # render the newly created issue
984 self.db.commit()
985 self.nodeid = nid
986 self.pagehead('%s: %s'%(self.classname.capitalize(), nid),
987 message)
988 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
989 self.classname)
990 item.render(nid)
991 self.pagefoot()
992 return
993 except:
994 self.db.rollback()
995 s = StringIO.StringIO()
996 traceback.print_exc(None, s)
997 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
998 self.pagehead(_('New %(classname)s %(xtra)s')%{
999 'classname': self.classname.capitalize(),
1000 'xtra': xtra }, message)
1002 # call the template
1003 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1004 self.classname)
1005 newitem.render(self.form)
1007 self.pagefoot()
1008 newissue = newnode
1010 def newuser(self, message=None):
1011 ''' Add a new user to the database.
1013 Don't do any of the message or file handling, just create the node.
1014 '''
1015 userid = self.db.user.lookup(self.user)
1016 if not self.db.security.hasPermission('Edit', userid, 'user'):
1017 raise Unauthorised, _("You do not have permission to access"\
1018 " %(action)s.")%{'action': 'newuser'}
1020 cn = self.classname
1021 cl = self.db.classes[cn]
1023 # possibly perform a create
1024 keys = self.form.keys()
1025 if [i for i in keys if i[0] != ':']:
1026 try:
1027 props = parsePropsFromForm(self.db, cl, self.form)
1028 nid = cl.create(**props)
1029 # handle linked nodes
1030 self._post_editnode(nid)
1031 # and some nice feedback for the user
1032 message = _('%(classname)s created ok')%{'classname': cn}
1033 except:
1034 self.db.rollback()
1035 s = StringIO.StringIO()
1036 traceback.print_exc(None, s)
1037 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1038 self.pagehead(_('New %(classname)s')%{'classname':
1039 self.classname.capitalize()}, message)
1041 # call the template
1042 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1043 self.classname)
1044 newitem.render(self.form)
1046 self.pagefoot()
1048 def newfile(self, message=None):
1049 ''' Add a new file to the database.
1051 This form works very much the same way as newnode - it just has a
1052 file upload.
1053 '''
1054 userid = self.db.user.lookup(self.user)
1055 if not self.db.security.hasPermission('Edit', userid, 'file'):
1056 raise Unauthorised, _("You do not have permission to access"\
1057 " %(action)s.")%{'action': 'newfile'}
1058 cn = self.classname
1059 cl = self.db.classes[cn]
1060 props = parsePropsFromForm(self.db, cl, self.form)
1061 if self.form.has_key(':multilink'):
1062 link = self.form[':multilink'].value
1063 designator, linkprop = link.split(':')
1064 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
1065 else:
1066 xtra = ''
1068 # possibly perform a create
1069 keys = self.form.keys()
1070 if [i for i in keys if i[0] != ':']:
1071 try:
1072 file = self.form['content']
1073 mime_type = mimetypes.guess_type(file.filename)[0]
1074 if not mime_type:
1075 mime_type = "application/octet-stream"
1076 # save the file
1077 props['type'] = mime_type
1078 props['name'] = file.filename
1079 props['content'] = file.file.read()
1080 nid = cl.create(**props)
1081 # handle linked nodes
1082 self._post_editnode(nid)
1083 # and some nice feedback for the user
1084 message = _('%(classname)s created ok')%{'classname': cn}
1085 except:
1086 self.db.rollback()
1087 s = StringIO.StringIO()
1088 traceback.print_exc(None, s)
1089 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1091 self.pagehead(_('New %(classname)s %(xtra)s')%{
1092 'classname': self.classname.capitalize(),
1093 'xtra': xtra }, message)
1094 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1095 self.classname)
1096 newitem.render(self.form)
1097 self.pagefoot()
1099 def showuser(self, message=None, num_re=re.compile('^\d+$')):
1100 '''Display a user page for editing. Make sure the user is allowed
1101 to edit this node, and also check for password changes.
1102 '''
1103 user = self.db.user
1105 # get the username of the node being edited
1106 try:
1107 node_user = user.get(self.nodeid, 'username')
1108 except IndexError:
1109 raise NotFound, 'user%s'%self.nodeid
1111 # ok, so we need to be able to edit everything, or be this node's
1112 # user
1113 userid = self.db.user.lookup(self.user)
1114 if (not self.db.security.hasPermission('Edit', userid)
1115 and self.user != node_user):
1116 raise Unauthorised, _("You do not have permission to access"\
1117 " %(action)s.")%{'action': self.classname +
1118 str(self.nodeid)}
1120 #
1121 # perform any editing
1122 #
1123 keys = self.form.keys()
1124 if keys:
1125 try:
1126 props = parsePropsFromForm(self.db, user, self.form,
1127 self.nodeid)
1128 set_cookie = 0
1129 if props.has_key('password'):
1130 password = self.form['password'].value.strip()
1131 if not password:
1132 # no password was supplied - don't change it
1133 del props['password']
1134 elif self.nodeid == self.getuid():
1135 # this is the logged-in user's password
1136 set_cookie = password
1137 user.set(self.nodeid, **props)
1138 # and some feedback for the user
1139 message = _('%(changes)s edited ok')%{'changes':
1140 ', '.join(props.keys())}
1141 except:
1142 self.db.rollback()
1143 s = StringIO.StringIO()
1144 traceback.print_exc(None, s)
1145 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1146 else:
1147 set_cookie = 0
1149 # fix the cookie if the password has changed
1150 if set_cookie:
1151 self.set_cookie(self.user, set_cookie)
1153 #
1154 # now the display
1155 #
1156 self.pagehead(_('User: %(user)s')%{'user': node_user}, message)
1158 # use the template to display the item
1159 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES, 'user')
1160 item.render(self.nodeid)
1161 self.pagefoot()
1163 def showfile(self):
1164 ''' display a file
1165 '''
1166 nodeid = self.nodeid
1167 cl = self.db.classes[self.classname]
1168 try:
1169 mime_type = cl.get(nodeid, 'type')
1170 except IndexError:
1171 raise NotFound, 'file%s'%nodeid
1172 if mime_type == 'message/rfc822':
1173 mime_type = 'text/plain'
1174 self.header(headers={'Content-Type': mime_type})
1175 self.write(cl.get(nodeid, 'content'))
1177 def permission(self):
1178 '''
1179 '''
1181 def classes(self, message=None):
1182 ''' display a list of all the classes in the database
1183 '''
1184 userid = self.db.user.lookup(self.user)
1185 if not self.db.security.hasPermission('Edit', userid):
1186 raise Unauthorised, _("You do not have permission to access"\
1187 " %(action)s.")%{'action': 'all classes'}
1189 self.pagehead(_('Table of classes'), message)
1190 classnames = self.db.classes.keys()
1191 classnames.sort()
1192 self.write('<table border=0 cellspacing=0 cellpadding=2>\n')
1193 for cn in classnames:
1194 cl = self.db.getclass(cn)
1195 self.write('<tr class="list-header"><th colspan=2 align=left>'
1196 '<a href="%s">%s</a></th></tr>'%(cn, cn.capitalize()))
1197 for key, value in cl.properties.items():
1198 if value is None: value = ''
1199 else: value = str(value)
1200 self.write('<tr><th align=left>%s</th><td>%s</td></tr>'%(
1201 key, cgi.escape(value)))
1202 self.write('</table>')
1203 self.pagefoot()
1205 def unauthorised(self, message):
1206 ''' The user is not authorised to do something. If they're
1207 anonymous, throw up a login box. If not, just tell them they
1208 can't do whatever it was they were trying to do.
1210 Bot cases print up the message, which is most likely the
1211 argument to the Unauthorised exception.
1212 '''
1213 self.header(response=403)
1214 if self.desired_action is None or self.desired_action == 'login':
1215 if not message:
1216 message=_("You do not have permission.")
1217 action = 'index'
1218 else:
1219 if not message:
1220 message=_("You do not have permission to access"\
1221 " %(action)s.")%{'action': self.desired_action}
1222 action = self.desired_action
1223 if self.user == 'anonymous':
1224 self.login(action=action, message=message)
1225 else:
1226 self.pagehead(_('Not Authorised'))
1227 self.write('<p class="system-msg">%s</p>'%message)
1228 self.pagefoot()
1230 def login(self, message=None, newuser_form=None, action='index'):
1231 '''Display a login page.
1232 '''
1233 self.pagehead(_('Login to roundup'))
1234 if message:
1235 self.write('<p class="system-msg">%s</p>'%message)
1236 self.write(_('''
1237 <table>
1238 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
1239 <form onSubmit="return submit_once()" action="login_action" method=POST>
1240 <input type="hidden" name="__destination_url" value="%(action)s">
1241 <tr><td align=right>Login name: </td>
1242 <td><input name="__login_name"></td></tr>
1243 <tr><td align=right>Password: </td>
1244 <td><input type="password" name="__login_password"></td></tr>
1245 <tr><td></td>
1246 <td><input type="submit" value="Log In"></td></tr>
1247 </form>
1248 ''')%locals())
1249 userid = self.db.user.lookup(self.user)
1250 if not self.db.security.hasPermission('Web Registration', userid):
1251 self.write('</table>')
1252 self.pagefoot()
1253 return
1254 values = {'realname': '', 'organisation': '', 'address': '',
1255 'phone': '', 'username': '', 'password': '', 'confirm': '',
1256 'action': action, 'alternate_addresses': ''}
1257 if newuser_form is not None:
1258 for key in newuser_form.keys():
1259 values[key] = newuser_form[key].value
1260 self.write(_('''
1261 <p>
1262 <tr><td colspan=2 class="strong-header">New User Registration</td></tr>
1263 <tr><td colspan=2><em>marked items</em> are optional...</td></tr>
1264 <form onSubmit="return submit_once()" action="newuser_action" method=POST>
1265 <input type="hidden" name="__destination_url" value="%(action)s">
1266 <tr><td align=right><em>Name: </em></td>
1267 <td><input name="realname" value="%(realname)s" size=40></td></tr>
1268 <tr><td align=right><em>Organisation: </em></td>
1269 <td><input name="organisation" value="%(organisation)s" size=40></td></tr>
1270 <tr><td align=right>E-Mail Address: </td>
1271 <td><input name="address" value="%(address)s" size=40></td></tr>
1272 <tr><td align=right><em>Alternate E-mail Addresses: </em></td>
1273 <td><textarea name="alternate_addresses" rows=5 cols=40>%(alternate_addresses)s</textarea></td></tr>
1274 <tr><td align=right><em>Phone: </em></td>
1275 <td><input name="phone" value="%(phone)s"></td></tr>
1276 <tr><td align=right>Preferred Login name: </td>
1277 <td><input name="username" value="%(username)s"></td></tr>
1278 <tr><td align=right>Password: </td>
1279 <td><input type="password" name="password" value="%(password)s"></td></tr>
1280 <tr><td align=right>Password Again: </td>
1281 <td><input type="password" name="confirm" value="%(confirm)s"></td></tr>
1282 <tr><td></td>
1283 <td><input type="submit" value="Register"></td></tr>
1284 </form>
1285 </table>
1286 ''')%values)
1287 self.pagefoot()
1289 def login_action(self, message=None):
1290 '''Attempt to log a user in and set the cookie
1292 returns 0 if a page is generated as a result of this call, and
1293 1 if not (ie. the login is successful
1294 '''
1295 if not self.form.has_key('__login_name'):
1296 self.login(message=_('Username required'))
1297 return 0
1298 self.user = self.form['__login_name'].value
1299 # re-open the database for real, using the user
1300 self.opendb(self.user)
1301 if self.form.has_key('__login_password'):
1302 password = self.form['__login_password'].value
1303 else:
1304 password = ''
1305 # make sure the user exists
1306 try:
1307 uid = self.db.user.lookup(self.user)
1308 except KeyError:
1309 name = self.user
1310 self.make_user_anonymous()
1311 action = self.form['__destination_url'].value
1312 self.login(message=_('No such user "%(name)s"')%locals(),
1313 action=action)
1314 return 0
1316 # and that the password is correct
1317 pw = self.db.user.get(uid, 'password')
1318 if password != pw:
1319 self.make_user_anonymous()
1320 action = self.form['__destination_url'].value
1321 self.login(message=_('Incorrect password'), action=action)
1322 return 0
1324 self.set_cookie(self.user, password)
1325 return 1
1327 def newuser_action(self, message=None):
1328 '''Attempt to create a new user based on the contents of the form
1329 and then set the cookie.
1331 return 1 on successful login
1332 '''
1333 # make sure we're allowed to register
1334 userid = self.db.user.lookup(self.user)
1335 if not self.db.security.hasPermission('Web Registration', userid):
1336 raise Unauthorised, _("You do not have permission to access"\
1337 " %(action)s.")%{'action': 'registration'}
1339 # re-open the database as "admin"
1340 if self.user != 'admin':
1341 self.opendb('admin')
1343 # create the new user
1344 cl = self.db.user
1345 try:
1346 props = parsePropsFromForm(self.db, cl, self.form)
1347 props['roles'] = self.instance.NEW_WEB_USER_ROLES
1348 uid = cl.create(**props)
1349 self.db.commit()
1350 except ValueError, message:
1351 action = self.form['__destination_url'].value
1352 self.login(message, action=action)
1353 return 0
1355 # log the new user in
1356 self.user = cl.get(uid, 'username')
1357 # re-open the database for real, using the user
1358 self.opendb(self.user)
1359 password = cl.get(uid, 'password')
1360 self.set_cookie(self.user, self.form['password'].value)
1361 return 1
1363 def set_cookie(self, user, password):
1364 # TODO generate a much, much stronger session key ;)
1365 self.session = binascii.b2a_base64(repr(time.time())).strip()
1367 # clean up the base64
1368 if self.session[-1] == '=':
1369 if self.session[-2] == '=':
1370 self.session = self.session[:-2]
1371 else:
1372 self.session = self.session[:-1]
1374 # insert the session in the sessiondb
1375 self.db.sessions.set(self.session, user=user, last_use=time.time())
1377 # and commit immediately
1378 self.db.sessions.commit()
1380 # expire us in a long, long time
1381 expire = Cookie._getdate(86400*365)
1383 # generate the cookie path - make sure it has a trailing '/'
1384 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1385 ''))
1386 self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;'%(
1387 self.session, expire, path)})
1389 def make_user_anonymous(self):
1390 ''' Make us anonymous
1392 This method used to handle non-existence of the 'anonymous'
1393 user, but that user is mandatory now.
1394 '''
1395 self.db.user.lookup('anonymous')
1396 self.user = 'anonymous'
1398 def logout(self, message=None):
1399 ''' Make us really anonymous - nuke the cookie too
1400 '''
1401 self.make_user_anonymous()
1403 # construct the logout cookie
1404 now = Cookie._getdate()
1405 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1406 ''))
1407 self.header({'Set-Cookie':
1408 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
1409 path)})
1410 self.login()
1412 def opendb(self, user):
1413 ''' Open the database - but include the definition of the sessions db.
1414 '''
1415 # open the db
1416 self.db = self.instance.open(user)
1418 def main(self):
1419 ''' Wrap the request and handle unauthorised requests
1420 '''
1421 self.desired_action = None
1422 try:
1423 self.main_action()
1424 except Unauthorised, message:
1425 self.unauthorised(message)
1427 def main_action(self):
1428 '''Wrap the database accesses so we can close the database cleanly
1429 '''
1430 # determine the uid to use
1431 self.opendb('admin')
1433 # make sure we have the session Class
1434 sessions = self.db.sessions
1436 # age sessions, remove when they haven't been used for a week
1437 # TODO: this shouldn't be done every access
1438 week = 60*60*24*7
1439 now = time.time()
1440 for sessid in sessions.list():
1441 interval = now - sessions.get(sessid, 'last_use')
1442 if interval > week:
1443 sessions.destroy(sessid)
1445 # look up the user session cookie
1446 cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
1447 user = 'anonymous'
1449 if (cookie.has_key('roundup_user') and
1450 cookie['roundup_user'].value != 'deleted'):
1452 # get the session key from the cookie
1453 self.session = cookie['roundup_user'].value
1454 # get the user from the session
1455 try:
1456 # update the lifetime datestamp
1457 sessions.set(self.session, last_use=time.time())
1458 sessions.commit()
1459 user = sessions.get(self.session, 'user')
1460 except KeyError:
1461 user = 'anonymous'
1463 # sanity check on the user still being valid
1464 try:
1465 self.db.user.lookup(user)
1466 except (KeyError, TypeError):
1467 user = 'anonymous'
1469 # make sure the anonymous user is valid if we're using it
1470 if user == 'anonymous':
1471 self.make_user_anonymous()
1472 else:
1473 self.user = user
1475 # now figure which function to call
1476 path = self.split_path
1478 # default action to index if the path has no information in it
1479 if not path or path[0] in ('', 'index'):
1480 action = 'index'
1481 else:
1482 action = path[0]
1483 self.desired_action = action
1485 # Everthing ignores path[1:]
1486 # - The file download link generator actually relies on this - it
1487 # appends the name of the file to the URL so the download file name
1488 # is correct, but doesn't actually use it.
1490 # everyone is allowed to try to log in
1491 if action == 'login_action':
1492 # try to login
1493 if not self.login_action():
1494 return
1495 # figure the resulting page
1496 action = self.form['__destination_url'].value
1497 if not action:
1498 action = 'index'
1499 self.do_action(action)
1500 return
1502 # allow anonymous people to register
1503 if action == 'newuser_action':
1504 # try to add the user
1505 if not self.newuser_action():
1506 return
1507 # figure the resulting page
1508 action = self.form['__destination_url'].value
1509 if not action:
1510 action = 'index'
1512 # re-open the database for real, using the user
1513 self.opendb(self.user)
1515 # just a regular action
1516 self.do_action(action)
1518 # commit all changes to the database
1519 self.db.commit()
1521 def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
1522 nre=re.compile(r'new(\w+)'), sre=re.compile(r'search(\w+)')):
1523 '''Figure the user's action and do it.
1524 '''
1525 # here be the "normal" functionality
1526 if action == 'index':
1527 self.index()
1528 return
1529 if action == 'list_classes':
1530 self.classes()
1531 return
1532 if action == 'classhelp':
1533 self.classhelp()
1534 return
1535 if action == 'login':
1536 self.login()
1537 return
1538 if action == 'logout':
1539 self.logout()
1540 return
1542 # see if we're to display an existing node
1543 m = dre.match(action)
1544 if m:
1545 self.classname = m.group(1)
1546 self.nodeid = m.group(2)
1547 try:
1548 cl = self.db.classes[self.classname]
1549 except KeyError:
1550 raise NotFound, self.classname
1551 try:
1552 cl.get(self.nodeid, 'id')
1553 except IndexError:
1554 raise NotFound, self.nodeid
1555 try:
1556 func = getattr(self, 'show%s'%self.classname)
1557 except AttributeError:
1558 raise NotFound, 'show%s'%self.classname
1559 func()
1560 return
1562 # see if we're to put up the new node page
1563 m = nre.match(action)
1564 if m:
1565 self.classname = m.group(1)
1566 try:
1567 func = getattr(self, 'new%s'%self.classname)
1568 except AttributeError:
1569 raise NotFound, 'new%s'%self.classname
1570 func()
1571 return
1573 # see if we're to put up the new node page
1574 m = sre.match(action)
1575 if m:
1576 self.classname = m.group(1)
1577 try:
1578 func = getattr(self, 'search%s'%self.classname)
1579 except AttributeError:
1580 raise NotFound
1581 func()
1582 return
1584 # otherwise, display the named class
1585 self.classname = action
1586 try:
1587 self.db.getclass(self.classname)
1588 except KeyError:
1589 raise NotFound, self.classname
1590 self.list()
1593 class ExtendedClient(Client):
1594 '''Includes pages and page heading information that relate to the
1595 extended schema.
1596 '''
1597 showsupport = Client.shownode
1598 showtimelog = Client.shownode
1599 newsupport = Client.newnode
1600 newtimelog = Client.newnode
1601 searchsupport = Client.searchnode
1603 default_index_sort = ['-activity']
1604 default_index_group = ['priority']
1605 default_index_filter = ['status']
1606 default_index_columns = ['activity','status','title','assignedto']
1607 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
1608 default_pagesize = '50'
1610 def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
1611 '''Pull properties for the given class out of the form.
1612 '''
1613 props = {}
1614 keys = form.keys()
1615 for key in keys:
1616 if not cl.properties.has_key(key):
1617 continue
1618 proptype = cl.properties[key]
1619 if isinstance(proptype, hyperdb.String):
1620 value = form[key].value.strip()
1621 elif isinstance(proptype, hyperdb.Password):
1622 value = password.Password(form[key].value.strip())
1623 elif isinstance(proptype, hyperdb.Date):
1624 value = form[key].value.strip()
1625 if value:
1626 value = date.Date(form[key].value.strip())
1627 else:
1628 value = None
1629 elif isinstance(proptype, hyperdb.Interval):
1630 value = form[key].value.strip()
1631 if value:
1632 value = date.Interval(form[key].value.strip())
1633 else:
1634 value = None
1635 elif isinstance(proptype, hyperdb.Link):
1636 value = form[key].value.strip()
1637 # see if it's the "no selection" choice
1638 if value == '-1':
1639 # don't set this property
1640 continue
1641 else:
1642 # handle key values
1643 link = cl.properties[key].classname
1644 if not num_re.match(value):
1645 try:
1646 value = db.classes[link].lookup(value)
1647 except KeyError:
1648 raise ValueError, _('property "%(propname)s": '
1649 '%(value)s not a %(classname)s')%{'propname':key,
1650 'value': value, 'classname': link}
1651 elif isinstance(proptype, hyperdb.Multilink):
1652 value = form[key]
1653 if hasattr(value, 'value'):
1654 # Quite likely to be a FormItem instance
1655 value = value.value
1656 if not isinstance(value, type([])):
1657 value = [i.strip() for i in value.split(',')]
1658 else:
1659 value = [i.strip() for i in value]
1660 link = cl.properties[key].classname
1661 l = []
1662 for entry in map(str, value):
1663 if entry == '': continue
1664 if not num_re.match(entry):
1665 try:
1666 entry = db.classes[link].lookup(entry)
1667 except KeyError:
1668 raise ValueError, _('property "%(propname)s": '
1669 '"%(value)s" not an entry of %(classname)s')%{
1670 'propname':key, 'value': entry, 'classname': link}
1671 l.append(entry)
1672 l.sort()
1673 value = l
1674 elif isinstance(proptype, hyperdb.Boolean):
1675 value = form[key].value.strip()
1676 props[key] = value = value.lower() in ('yes', 'true', 'on', '1')
1677 elif isinstance(proptype, hyperdb.Number):
1678 value = form[key].value.strip()
1679 props[key] = value = int(value)
1681 # get the old value
1682 if nodeid:
1683 try:
1684 existing = cl.get(nodeid, key)
1685 except KeyError:
1686 # this might be a new property for which there is no existing
1687 # value
1688 if not cl.properties.has_key(key): raise
1690 # if changed, set it
1691 if value != existing:
1692 props[key] = value
1693 else:
1694 props[key] = value
1695 return props
1697 #
1698 # $Log: not supported by cvs2svn $
1699 # Revision 1.151 2002/07/30 21:37:43 richard
1700 # oops, thanks Duncan Booth for spotting this one
1701 #
1702 # Revision 1.150 2002/07/30 20:43:18 gmcm
1703 # Oops, fix the permission check!
1704 #
1705 # Revision 1.149 2002/07/30 20:04:38 gmcm
1706 # Adapt metakit backend to new security scheme.
1707 # Put some more permission checks in cgi_client.
1708 #
1709 # Revision 1.148 2002/07/30 16:09:11 gmcm
1710 # Simple optimization.
1711 #
1712 # Revision 1.147 2002/07/30 08:22:38 richard
1713 # Session storage in the hyperdb was horribly, horribly inefficient. We use
1714 # a simple anydbm wrapper now - which could be overridden by the metakit
1715 # backend or RDB backend if necessary.
1716 # Much, much better.
1717 #
1718 # Revision 1.146 2002/07/30 05:27:30 richard
1719 # nicer error messages, and a bugfix
1720 #
1721 # Revision 1.145 2002/07/26 08:26:59 richard
1722 # Very close now. The cgi and mailgw now use the new security API. The two
1723 # templates have been migrated to that setup. Lots of unit tests. Still some
1724 # issue in the web form for editing Roles assigned to users.
1725 #
1726 # Revision 1.144 2002/07/25 07:14:05 richard
1727 # Bugger it. Here's the current shape of the new security implementation.
1728 # Still to do:
1729 # . call the security funcs from cgi and mailgw
1730 # . change shipped templates to include correct initialisation and remove
1731 # the old config vars
1732 # ... that seems like a lot. The bulk of the work has been done though. Honest :)
1733 #
1734 # Revision 1.143 2002/07/20 19:29:10 gmcm
1735 # Fixes/improvements to the search form & saved queries.
1736 #
1737 # Revision 1.142 2002/07/18 11:17:30 gmcm
1738 # Add Number and Boolean types to hyperdb.
1739 # Add conversion cases to web, mail & admin interfaces.
1740 # Add storage/serialization cases to back_anydbm & back_metakit.
1741 #
1742 # Revision 1.141 2002/07/17 12:39:10 gmcm
1743 # Saving, running & editing queries.
1744 #
1745 # Revision 1.140 2002/07/14 23:17:15 richard
1746 # cleaned up structure
1747 #
1748 # Revision 1.139 2002/07/14 06:14:40 richard
1749 # Some more TODOs
1750 #
1751 # Revision 1.138 2002/07/14 04:03:13 richard
1752 # Implemented a switch to disable journalling for a Class. CGI session
1753 # database now uses it.
1754 #
1755 # Revision 1.137 2002/07/10 07:00:30 richard
1756 # removed debugging
1757 #
1758 # Revision 1.136 2002/07/10 06:51:08 richard
1759 # . #576241 ] MultiLink problems in parsePropsFromForm
1760 #
1761 # Revision 1.135 2002/07/10 00:22:34 richard
1762 # . switched to using a session-based web login
1763 #
1764 # Revision 1.134 2002/07/09 04:19:09 richard
1765 # Added reindex command to roundup-admin.
1766 # Fixed reindex on first access.
1767 # Also fixed reindexing of entries that change.
1768 #
1769 # Revision 1.133 2002/07/08 15:32:05 gmcm
1770 # Pagination of index pages.
1771 # New search form.
1772 #
1773 # Revision 1.132 2002/07/08 07:26:14 richard
1774 # ehem
1775 #
1776 # Revision 1.131 2002/07/08 06:53:57 richard
1777 # Not sure why the cgi_client had an indexer argument.
1778 #
1779 # Revision 1.130 2002/06/27 12:01:53 gmcm
1780 # If the form has a :multilink, put a back href in the pageheader (back to the linked-to node).
1781 # Some minor optimizations (only compile regexes once).
1782 #
1783 # Revision 1.129 2002/06/20 23:52:11 richard
1784 # Better handling of unauth attempt to edit stuff
1785 #
1786 # Revision 1.128 2002/06/12 21:28:25 gmcm
1787 # Allow form to set user-properties on a Fileclass.
1788 # Don't assume that a Fileclass is named "files".
1789 #
1790 # Revision 1.127 2002/06/11 06:38:24 richard
1791 # . #565996 ] The "Attach a File to this Issue" fails
1792 #
1793 # Revision 1.126 2002/05/29 01:16:17 richard
1794 # Sorry about this huge checkin! It's fixing a lot of related stuff in one go
1795 # though.
1796 #
1797 # . #541941 ] changing multilink properties by mail
1798 # . #526730 ] search for messages capability
1799 # . #505180 ] split MailGW.handle_Message
1800 # - also changed cgi client since it was duplicating the functionality
1801 # . build htmlbase if tests are run using CVS checkout (removed note from
1802 # installation.txt)
1803 # . don't create an empty message on email issue creation if the email is empty
1804 #
1805 # Revision 1.125 2002/05/25 07:16:24 rochecompaan
1806 # Merged search_indexing-branch with HEAD
1807 #
1808 # Revision 1.124 2002/05/24 02:09:24 richard
1809 # Nothing like a live demo to show up the bugs ;)
1810 #
1811 # Revision 1.123 2002/05/22 05:04:13 richard
1812 # Oops
1813 #
1814 # Revision 1.122 2002/05/22 04:12:05 richard
1815 # . applied patch #558876 ] cgi client customization
1816 # ... with significant additions and modifications ;)
1817 # - extended handling of ML assignedto to all places it's handled
1818 # - added more NotFound info
1819 #
1820 # Revision 1.121 2002/05/21 06:08:10 richard
1821 # Handle migration
1822 #
1823 # Revision 1.120 2002/05/21 06:05:53 richard
1824 # . #551483 ] assignedto in Client.make_index_link
1825 #
1826 # Revision 1.119 2002/05/15 06:21:21 richard
1827 # . node caching now works, and gives a small boost in performance
1828 #
1829 # As a part of this, I cleaned up the DEBUG output and implemented TRACE
1830 # output (HYPERDBTRACE='file to trace to') with checkpoints at the start of
1831 # CGI requests. Run roundup with python -O to skip all the DEBUG/TRACE stuff
1832 # (using if __debug__ which is compiled out with -O)
1833 #
1834 # Revision 1.118 2002/05/12 23:46:33 richard
1835 # ehem, part 2
1836 #
1837 # Revision 1.117 2002/05/12 23:42:29 richard
1838 # ehem
1839 #
1840 # Revision 1.116 2002/05/02 08:07:49 richard
1841 # Added the ADD_AUTHOR_TO_NOSY handling to the CGI interface.
1842 #
1843 # Revision 1.115 2002/04/02 01:56:10 richard
1844 # . stop sending blank (whitespace-only) notes
1845 #
1846 # Revision 1.114.2.4 2002/05/02 11:49:18 rochecompaan
1847 # Allow customization of the search filters that should be displayed
1848 # on the search page.
1849 #
1850 # Revision 1.114.2.3 2002/04/20 13:23:31 rochecompaan
1851 # We now have a separate search page for nodes. Search links for
1852 # different classes can be customized in instance_config similar to
1853 # index links.
1854 #
1855 # Revision 1.114.2.2 2002/04/19 19:54:42 rochecompaan
1856 # cgi_client.py
1857 # removed search link for the time being
1858 # moved rendering of matches to htmltemplate
1859 # hyperdb.py
1860 # filtering of nodes on full text search incorporated in filter method
1861 # roundupdb.py
1862 # added paramater to call of filter method
1863 # roundup_indexer.py
1864 # added search method to RoundupIndexer class
1865 #
1866 # Revision 1.114.2.1 2002/04/03 11:55:57 rochecompaan
1867 # . Added feature #526730 - search for messages capability
1868 #
1869 # Revision 1.114 2002/03/17 23:06:05 richard
1870 # oops
1871 #
1872 # Revision 1.113 2002/03/14 23:59:24 richard
1873 # . #517734 ] web header customisation is obscure
1874 #
1875 # Revision 1.112 2002/03/12 22:52:26 richard
1876 # more pychecker warnings removed
1877 #
1878 # Revision 1.111 2002/02/25 04:32:21 richard
1879 # ahem
1880 #
1881 # Revision 1.110 2002/02/21 07:19:08 richard
1882 # ... and label, width and height control for extra flavour!
1883 #
1884 # Revision 1.109 2002/02/21 07:08:19 richard
1885 # oops
1886 #
1887 # Revision 1.108 2002/02/21 07:02:54 richard
1888 # The correct var is "HTTP_HOST"
1889 #
1890 # Revision 1.107 2002/02/21 06:57:38 richard
1891 # . Added popup help for classes using the classhelp html template function.
1892 # - add <display call="classhelp('priority', 'id,name,description')">
1893 # to an item page, and it generates a link to a popup window which displays
1894 # the id, name and description for the priority class. The description
1895 # field won't exist in most installations, but it will be added to the
1896 # default templates.
1897 #
1898 # Revision 1.106 2002/02/21 06:23:00 richard
1899 # *** empty log message ***
1900 #
1901 # Revision 1.105 2002/02/20 05:52:10 richard
1902 # better error handling
1903 #
1904 # Revision 1.104 2002/02/20 05:45:17 richard
1905 # Use the csv module for generating the form entry so it's correct.
1906 # [also noted the sf.net feature request id in the change log]
1907 #
1908 # Revision 1.103 2002/02/20 05:05:28 richard
1909 # . Added simple editing for classes that don't define a templated interface.
1910 # - access using the admin "class list" interface
1911 # - limited to admin-only
1912 # - requires the csv module from object-craft (url given if it's missing)
1913 #
1914 # Revision 1.102 2002/02/15 07:08:44 richard
1915 # . Alternate email addresses are now available for users. See the MIGRATION
1916 # file for info on how to activate the feature.
1917 #
1918 # Revision 1.101 2002/02/14 23:39:18 richard
1919 # . All forms now have "double-submit" protection when Javascript is enabled
1920 # on the client-side.
1921 #
1922 # Revision 1.100 2002/01/16 07:02:57 richard
1923 # . lots of date/interval related changes:
1924 # - more relaxed date format for input
1925 #
1926 # Revision 1.99 2002/01/16 03:02:42 richard
1927 # #503793 ] changing assignedto resets nosy list
1928 #
1929 # Revision 1.98 2002/01/14 02:20:14 richard
1930 # . changed all config accesses so they access either the instance or the
1931 # config attriubute on the db. This means that all config is obtained from
1932 # instance_config instead of the mish-mash of classes. This will make
1933 # switching to a ConfigParser setup easier too, I hope.
1934 #
1935 # At a minimum, this makes migration a _little_ easier (a lot easier in the
1936 # 0.5.0 switch, I hope!)
1937 #
1938 # Revision 1.97 2002/01/11 23:22:29 richard
1939 # . #502437 ] rogue reactor and unittest
1940 # in short, the nosy reactor was modifying the nosy list. That code had
1941 # been there for a long time, and I suspsect it was there because we
1942 # weren't generating the nosy list correctly in other places of the code.
1943 # We're now doing that, so the nosy-modifying code can go away from the
1944 # nosy reactor.
1945 #
1946 # Revision 1.96 2002/01/10 05:26:10 richard
1947 # missed a parsePropsFromForm in last update
1948 #
1949 # Revision 1.95 2002/01/10 03:39:45 richard
1950 # . fixed some problems with web editing and change detection
1951 #
1952 # Revision 1.94 2002/01/09 13:54:21 grubert
1953 # _add_assignedto_to_nosy did set nosy to assignedto only, no adding.
1954 #
1955 # Revision 1.93 2002/01/08 11:57:12 richard
1956 # crying out for real configuration handling... :(
1957 #
1958 # Revision 1.92 2002/01/08 04:12:05 richard
1959 # Changed message-id format to "<%s.%s.%s%s@%s>" so it complies with RFC822
1960 #
1961 # Revision 1.91 2002/01/08 04:03:47 richard
1962 # I mucked the intent of the code up.
1963 #
1964 # Revision 1.90 2002/01/08 03:56:55 richard
1965 # Oops, missed this before the beta:
1966 # . #495392 ] empty nosy -patch
1967 #
1968 # Revision 1.89 2002/01/07 20:24:45 richard
1969 # *mutter* stupid cutnpaste
1970 #
1971 # Revision 1.88 2002/01/02 02:31:38 richard
1972 # Sorry for the huge checkin message - I was only intending to implement #496356
1973 # but I found a number of places where things had been broken by transactions:
1974 # . modified ROUNDUPDBSENDMAILDEBUG to be SENDMAILDEBUG and hold a filename
1975 # for _all_ roundup-generated smtp messages to be sent to.
1976 # . the transaction cache had broken the roundupdb.Class set() reactors
1977 # . newly-created author users in the mailgw weren't being committed to the db
1978 #
1979 # Stuff that made it into CHANGES.txt (ie. the stuff I was actually working
1980 # on when I found that stuff :):
1981 # . #496356 ] Use threading in messages
1982 # . detectors were being registered multiple times
1983 # . added tests for mailgw
1984 # . much better attaching of erroneous messages in the mail gateway
1985 #
1986 # Revision 1.87 2001/12/23 23:18:49 richard
1987 # We already had an admin-specific section of the web heading, no need to add
1988 # another one :)
1989 #
1990 # Revision 1.86 2001/12/20 15:43:01 rochecompaan
1991 # Features added:
1992 # . Multilink properties are now displayed as comma separated values in
1993 # a textbox
1994 # . The add user link is now only visible to the admin user
1995 # . Modified the mail gateway to reject submissions from unknown
1996 # addresses if ANONYMOUS_ACCESS is denied
1997 #
1998 # Revision 1.85 2001/12/20 06:13:24 rochecompaan
1999 # Bugs fixed:
2000 # . Exception handling in hyperdb for strings-that-look-like numbers got
2001 # lost somewhere
2002 # . Internet Explorer submits full path for filename - we now strip away
2003 # the path
2004 # Features added:
2005 # . Link and multilink properties are now displayed sorted in the cgi
2006 # interface
2007 #
2008 # Revision 1.84 2001/12/18 15:30:30 rochecompaan
2009 # Fixed bugs:
2010 # . Fixed file creation and retrieval in same transaction in anydbm
2011 # backend
2012 # . Cgi interface now renders new issue after issue creation
2013 # . Could not set issue status to resolved through cgi interface
2014 # . Mail gateway was changing status back to 'chatting' if status was
2015 # omitted as an argument
2016 #
2017 # Revision 1.83 2001/12/15 23:51:01 richard
2018 # Tested the changes and fixed a few problems:
2019 # . files are now attached to the issue as well as the message
2020 # . newuser is a real method now since we don't want to do the message/file
2021 # stuff for it
2022 # . added some documentation
2023 # The really big changes in the diff are a result of me moving some code
2024 # around to keep like methods together a bit better.
2025 #
2026 # Revision 1.82 2001/12/15 19:24:39 rochecompaan
2027 # . Modified cgi interface to change properties only once all changes are
2028 # collected, files created and messages generated.
2029 # . Moved generation of change note to nosyreactors.
2030 # . We now check for changes to "assignedto" to ensure it's added to the
2031 # nosy list.
2032 #
2033 # Revision 1.81 2001/12/12 23:55:00 richard
2034 # Fixed some problems with user editing
2035 #
2036 # Revision 1.80 2001/12/12 23:27:14 richard
2037 # Added a Zope frontend for roundup.
2038 #
2039 # Revision 1.79 2001/12/10 22:20:01 richard
2040 # Enabled transaction support in the bsddb backend. It uses the anydbm code
2041 # where possible, only replacing methods where the db is opened (it uses the
2042 # btree opener specifically.)
2043 # Also cleaned up some change note generation.
2044 # Made the backends package work with pydoc too.
2045 #
2046 # Revision 1.78 2001/12/07 05:59:27 rochecompaan
2047 # Fixed small bug that prevented adding issues through the web.
2048 #
2049 # Revision 1.77 2001/12/06 22:48:29 richard
2050 # files multilink was being nuked in post_edit_node
2051 #
2052 # Revision 1.76 2001/12/05 14:26:44 rochecompaan
2053 # Removed generation of change note from "sendmessage" in roundupdb.py.
2054 # The change note is now generated when the message is created.
2055 #
2056 # Revision 1.75 2001/12/04 01:25:08 richard
2057 # Added some rollbacks where we were catching exceptions that would otherwise
2058 # have stopped committing.
2059 #
2060 # Revision 1.74 2001/12/02 05:06:16 richard
2061 # . We now use weakrefs in the Classes to keep the database reference, so
2062 # the close() method on the database is no longer needed.
2063 # I bumped the minimum python requirement up to 2.1 accordingly.
2064 # . #487480 ] roundup-server
2065 # . #487476 ] INSTALL.txt
2066 #
2067 # I also cleaned up the change message / post-edit stuff in the cgi client.
2068 # There's now a clearly marked "TODO: append the change note" where I believe
2069 # the change note should be added there. The "changes" list will obviously
2070 # have to be modified to be a dict of the changes, or somesuch.
2071 #
2072 # More testing needed.
2073 #
2074 # Revision 1.73 2001/12/01 07:17:50 richard
2075 # . We now have basic transaction support! Information is only written to
2076 # the database when the commit() method is called. Only the anydbm
2077 # backend is modified in this way - neither of the bsddb backends have been.
2078 # The mail, admin and cgi interfaces all use commit (except the admin tool
2079 # doesn't have a commit command, so interactive users can't commit...)
2080 # . Fixed login/registration forwarding the user to the right page (or not,
2081 # on a failure)
2082 #
2083 # Revision 1.72 2001/11/30 20:47:58 rochecompaan
2084 # Links in page header are now consistent with default sort order.
2085 #
2086 # Fixed bugs:
2087 # - When login failed the list of issues were still rendered.
2088 # - User was redirected to index page and not to his destination url
2089 # if his first login attempt failed.
2090 #
2091 # Revision 1.71 2001/11/30 20:28:10 rochecompaan
2092 # Property changes are now completely traceable, whether changes are
2093 # made through the web or by email
2094 #
2095 # Revision 1.70 2001/11/30 00:06:29 richard
2096 # Converted roundup/cgi_client.py to use _()
2097 # Added the status file, I18N_PROGRESS.txt
2098 #
2099 # Revision 1.69 2001/11/29 23:19:51 richard
2100 # Removed the "This issue has been edited through the web" when a valid
2101 # change note is supplied.
2102 #
2103 # Revision 1.68 2001/11/29 04:57:23 richard
2104 # a little comment
2105 #
2106 # Revision 1.67 2001/11/28 21:55:35 richard
2107 # . login_action and newuser_action return values were being ignored
2108 # . Woohoo! Found that bloody re-login bug that was killing the mail
2109 # gateway.
2110 # (also a minor cleanup in hyperdb)
2111 #
2112 # Revision 1.66 2001/11/27 03:00:50 richard
2113 # couple of bugfixes from latest patch integration
2114 #
2115 # Revision 1.65 2001/11/26 23:00:53 richard
2116 # This config stuff is getting to be a real mess...
2117 #
2118 # Revision 1.64 2001/11/26 22:56:35 richard
2119 # typo
2120 #
2121 # Revision 1.63 2001/11/26 22:55:56 richard
2122 # Feature:
2123 # . Added INSTANCE_NAME to configuration - used in web and email to identify
2124 # the instance.
2125 # . Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
2126 # signature info in e-mails.
2127 # . Some more flexibility in the mail gateway and more error handling.
2128 # . Login now takes you to the page you back to the were denied access to.
2129 #
2130 # Fixed:
2131 # . Lots of bugs, thanks Roché and others on the devel mailing list!
2132 #
2133 # Revision 1.62 2001/11/24 00:45:42 jhermann
2134 # typeof() instead of type(): avoid clash with database field(?) "type"
2135 #
2136 # Fixes this traceback:
2137 #
2138 # Traceback (most recent call last):
2139 # File "roundup\cgi_client.py", line 535, in newnode
2140 # self._post_editnode(nid)
2141 # File "roundup\cgi_client.py", line 415, in _post_editnode
2142 # if type(value) != type([]): value = [value]
2143 # UnboundLocalError: local variable 'type' referenced before assignment
2144 #
2145 # Revision 1.61 2001/11/22 15:46:42 jhermann
2146 # Added module docstrings to all modules.
2147 #
2148 # Revision 1.60 2001/11/21 22:57:28 jhermann
2149 # Added dummy hooks for I18N and some preliminary (test) markup of
2150 # translatable messages
2151 #
2152 # Revision 1.59 2001/11/21 03:21:13 richard
2153 # oops
2154 #
2155 # Revision 1.58 2001/11/21 03:11:28 richard
2156 # Better handling of new properties.
2157 #
2158 # Revision 1.57 2001/11/15 10:24:27 richard
2159 # handle the case where there is no file attached
2160 #
2161 # Revision 1.56 2001/11/14 21:35:21 richard
2162 # . users may attach files to issues (and support in ext) through the web now
2163 #
2164 # Revision 1.55 2001/11/07 02:34:06 jhermann
2165 # Handling of damaged login cookies
2166 #
2167 # Revision 1.54 2001/11/07 01:16:12 richard
2168 # Remove the '=' padding from cookie value so quoting isn't an issue.
2169 #
2170 # Revision 1.53 2001/11/06 23:22:05 jhermann
2171 # More IE fixes: it does not like quotes around cookie values; in the
2172 # hope this does not break anything for other browser; if it does, we
2173 # need to check HTTP_USER_AGENT
2174 #
2175 # Revision 1.52 2001/11/06 23:11:22 jhermann
2176 # Fixed debug output in page footer; added expiry date to the login cookie
2177 # (expires 1 year in the future) to prevent probs with certain versions
2178 # of IE
2179 #
2180 # Revision 1.51 2001/11/06 22:00:34 jhermann
2181 # Get debug level from ROUNDUP_DEBUG env var
2182 #
2183 # Revision 1.50 2001/11/05 23:45:40 richard
2184 # Fixed newuser_action so it sets the cookie with the unencrypted password.
2185 # Also made it present nicer error messages (not tracebacks).
2186 #
2187 # Revision 1.49 2001/11/04 03:07:12 richard
2188 # Fixed various cookie-related bugs:
2189 # . bug #477685 ] base64.decodestring breaks
2190 # . bug #477837 ] lynx does not like the cookie
2191 # . bug #477892 ] Password edit doesn't fix login cookie
2192 # Also closed a security hole - a logged-in user could edit another user's
2193 # details.
2194 #
2195 # Revision 1.48 2001/11/03 01:30:18 richard
2196 # Oops. uses pagefoot now.
2197 #
2198 # Revision 1.47 2001/11/03 01:29:28 richard
2199 # Login page didn't have all close tags.
2200 #
2201 # Revision 1.46 2001/11/03 01:26:55 richard
2202 # possibly fix truncated base64'ed user:pass
2203 #
2204 # Revision 1.45 2001/11/01 22:04:37 richard
2205 # Started work on supporting a pop3-fetching server
2206 # Fixed bugs:
2207 # . bug #477104 ] HTML tag error in roundup-server
2208 # . bug #477107 ] HTTP header problem
2209 #
2210 # Revision 1.44 2001/10/28 23:03:08 richard
2211 # Added more useful header to the classic schema.
2212 #
2213 # Revision 1.43 2001/10/24 00:01:42 richard
2214 # More fixes to lockout logic.
2215 #
2216 # Revision 1.42 2001/10/23 23:56:03 richard
2217 # HTML typo
2218 #
2219 # Revision 1.41 2001/10/23 23:52:35 richard
2220 # Fixed lock-out logic, thanks Roch'e for pointing out the problems.
2221 #
2222 # Revision 1.40 2001/10/23 23:06:39 richard
2223 # Some cleanup.
2224 #
2225 # Revision 1.39 2001/10/23 01:00:18 richard
2226 # Re-enabled login and registration access after lopping them off via
2227 # disabling access for anonymous users.
2228 # Major re-org of the htmltemplate code, cleaning it up significantly. Fixed
2229 # a couple of bugs while I was there. Probably introduced a couple, but
2230 # things seem to work OK at the moment.
2231 #
2232 # Revision 1.38 2001/10/22 03:25:01 richard
2233 # Added configuration for:
2234 # . anonymous user access and registration (deny/allow)
2235 # . filter "widget" location on index page (top, bottom, both)
2236 # Updated some documentation.
2237 #
2238 # Revision 1.37 2001/10/21 07:26:35 richard
2239 # feature #473127: Filenames. I modified the file.index and htmltemplate
2240 # source so that the filename is used in the link and the creation
2241 # information is displayed.
2242 #
2243 # Revision 1.36 2001/10/21 04:44:50 richard
2244 # bug #473124: UI inconsistency with Link fields.
2245 # This also prompted me to fix a fairly long-standing usability issue -
2246 # that of being able to turn off certain filters.
2247 #
2248 # Revision 1.35 2001/10/21 00:17:54 richard
2249 # CGI interface view customisation section may now be hidden (patch from
2250 # Roch'e Compaan.)
2251 #
2252 # Revision 1.34 2001/10/20 11:58:48 richard
2253 # Catch errors in login - no username or password supplied.
2254 # Fixed editing of password (Password property type) thanks Roch'e Compaan.
2255 #
2256 # Revision 1.33 2001/10/17 00:18:41 richard
2257 # Manually constructing cookie headers now.
2258 #
2259 # Revision 1.32 2001/10/16 03:36:21 richard
2260 # CGI interface wasn't handling checkboxes at all.
2261 #
2262 # Revision 1.31 2001/10/14 10:55:00 richard
2263 # Handle empty strings in HTML template Link function
2264 #
2265 # Revision 1.30 2001/10/09 07:38:58 richard
2266 # Pushed the base code for the extended schema CGI interface back into the
2267 # code cgi_client module so that future updates will be less painful.
2268 # Also removed a debugging print statement from cgi_client.
2269 #
2270 # Revision 1.29 2001/10/09 07:25:59 richard
2271 # Added the Password property type. See "pydoc roundup.password" for
2272 # implementation details. Have updated some of the documentation too.
2273 #
2274 # Revision 1.28 2001/10/08 00:34:31 richard
2275 # Change message was stuffing up for multilinks with no key property.
2276 #
2277 # Revision 1.27 2001/10/05 02:23:24 richard
2278 # . roundup-admin create now prompts for property info if none is supplied
2279 # on the command-line.
2280 # . hyperdb Class getprops() method may now return only the mutable
2281 # properties.
2282 # . Login now uses cookies, which makes it a whole lot more flexible. We can
2283 # now support anonymous user access (read-only, unless there's an
2284 # "anonymous" user, in which case write access is permitted). Login
2285 # handling has been moved into cgi_client.Client.main()
2286 # . The "extended" schema is now the default in roundup init.
2287 # . The schemas have had their page headings modified to cope with the new
2288 # login handling. Existing installations should copy the interfaces.py
2289 # file from the roundup lib directory to their instance home.
2290 # . Incorrectly had a Bizar Software copyright on the cgitb.py module from
2291 # Ping - has been removed.
2292 # . Fixed a whole bunch of places in the CGI interface where we should have
2293 # been returning Not Found instead of throwing an exception.
2294 # . Fixed a deviation from the spec: trying to modify the 'id' property of
2295 # an item now throws an exception.
2296 #
2297 # Revision 1.26 2001/09/12 08:31:42 richard
2298 # handle cases where mime type is not guessable
2299 #
2300 # Revision 1.25 2001/08/29 05:30:49 richard
2301 # change messages weren't being saved when there was no-one on the nosy list.
2302 #
2303 # Revision 1.24 2001/08/29 04:49:39 richard
2304 # didn't clean up fully after debugging :(
2305 #
2306 # Revision 1.23 2001/08/29 04:47:18 richard
2307 # Fixed CGI client change messages so they actually include the properties
2308 # changed (again).
2309 #
2310 # Revision 1.22 2001/08/17 00:08:10 richard
2311 # reverted back to sending messages always regardless of who is doing the web
2312 # edit. change notes weren't being saved. bleah. hackish.
2313 #
2314 # Revision 1.21 2001/08/15 23:43:18 richard
2315 # Fixed some isFooTypes that I missed.
2316 # Refactored some code in the CGI code.
2317 #
2318 # Revision 1.20 2001/08/12 06:32:36 richard
2319 # using isinstance(blah, Foo) now instead of isFooType
2320 #
2321 # Revision 1.19 2001/08/07 00:24:42 richard
2322 # stupid typo
2323 #
2324 # Revision 1.18 2001/08/07 00:15:51 richard
2325 # Added the copyright/license notice to (nearly) all files at request of
2326 # Bizar Software.
2327 #
2328 # Revision 1.17 2001/08/02 06:38:17 richard
2329 # Roundupdb now appends "mailing list" information to its messages which
2330 # include the e-mail address and web interface address. Templates may
2331 # override this in their db classes to include specific information (support
2332 # instructions, etc).
2333 #
2334 # Revision 1.16 2001/08/02 05:55:25 richard
2335 # Web edit messages aren't sent to the person who did the edit any more. No
2336 # message is generated if they are the only person on the nosy list.
2337 #
2338 # Revision 1.15 2001/08/02 00:34:10 richard
2339 # bleah syntax error
2340 #
2341 # Revision 1.14 2001/08/02 00:26:16 richard
2342 # Changed the order of the information in the message generated by web edits.
2343 #
2344 # Revision 1.13 2001/07/30 08:12:17 richard
2345 # Added time logging and file uploading to the templates.
2346 #
2347 # Revision 1.12 2001/07/30 06:26:31 richard
2348 # Added some documentation on how the newblah works.
2349 #
2350 # Revision 1.11 2001/07/30 06:17:45 richard
2351 # Features:
2352 # . Added ability for cgi newblah forms to indicate that the new node
2353 # should be linked somewhere.
2354 # Fixed:
2355 # . Fixed the agument handling for the roundup-admin find command.
2356 # . Fixed handling of summary when no note supplied for newblah. Again.
2357 # . Fixed detection of no form in htmltemplate Field display.
2358 #
2359 # Revision 1.10 2001/07/30 02:37:34 richard
2360 # Temporary measure until we have decent schema migration...
2361 #
2362 # Revision 1.9 2001/07/30 01:25:07 richard
2363 # Default implementation is now "classic" rather than "extended" as one would
2364 # expect.
2365 #
2366 # Revision 1.8 2001/07/29 08:27:40 richard
2367 # Fixed handling of passed-in values in form elements (ie. during a
2368 # drill-down)
2369 #
2370 # Revision 1.7 2001/07/29 07:01:39 richard
2371 # Added vim command to all source so that we don't get no steenkin' tabs :)
2372 #
2373 # Revision 1.6 2001/07/29 04:04:00 richard
2374 # Moved some code around allowing for subclassing to change behaviour.
2375 #
2376 # Revision 1.5 2001/07/28 08:16:52 richard
2377 # New issue form handles lack of note better now.
2378 #
2379 # Revision 1.4 2001/07/28 00:34:34 richard
2380 # Fixed some non-string node ids.
2381 #
2382 # Revision 1.3 2001/07/23 03:56:30 richard
2383 # oops, missed a config removal
2384 #
2385 # Revision 1.2 2001/07/22 12:09:32 richard
2386 # Final commit of Grande Splite
2387 #
2388 # Revision 1.1 2001/07/22 11:58:35 richard
2389 # More Grande Splite
2390 #
2391 #
2392 # vim: set filetype=python ts=4 sw=4 et si