1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: cgi_client.py,v 1.146 2002-07-30 05:27:30 richard Exp $
20 __doc__ = """
21 WWW request handler (also used in the stand-alone server).
22 """
24 import os, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
25 import binascii, Cookie, time, random
27 import roundupdb, htmltemplate, date, hyperdb, password
28 from roundup.i18n import _
30 class Unauthorised(ValueError):
31 pass
33 class NotFound(ValueError):
34 pass
36 def initialiseSecurity(security):
37 ''' Create some Permissions and Roles on the security object
39 This function is directly invoked by security.Security.__init__()
40 as a part of the Security object instantiation.
41 '''
42 security.addPermission(name="Web Registration",
43 description="User may register through the web")
45 # doing Role stuff through the web - make sure Admin can
46 p = security.addPermission(name="Web Roles",
47 description="User may manipulate user Roles through the web")
48 security.addPermissionToRole('Admin', p)
50 class Client:
51 '''
52 A note about login
53 ------------------
55 If the user has no login cookie, then they are anonymous. There
56 are two levels of anonymous use. If there is no 'anonymous' user, there
57 is no login at all and the database is opened in read-only mode. If the
58 'anonymous' user exists, the user is logged in using that user (though
59 there is no cookie). This allows them to modify the database, and all
60 modifications are attributed to the 'anonymous' user.
62 Once a user logs in, they are assigned a session. The Client instance
63 keeps the nodeid of the session as the "session" attribute.
64 '''
66 def __init__(self, instance, request, env, form=None):
67 hyperdb.traceMark()
68 self.instance = instance
69 self.request = request
70 self.env = env
71 self.path = env['PATH_INFO']
72 self.split_path = self.path.split('/')
73 self.instance_path_name = env['INSTANCE_NAME']
74 url = self.env['SCRIPT_NAME'] + '/'
75 machine = self.env['SERVER_NAME']
76 port = self.env['SERVER_PORT']
77 if port != '80': machine = machine + ':' + port
78 self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
79 None, None, None))
81 if form is None:
82 self.form = cgi.FieldStorage(environ=env)
83 else:
84 self.form = form
85 self.headers_done = 0
86 try:
87 self.debug = int(env.get("ROUNDUP_DEBUG", 0))
88 except ValueError:
89 # someone gave us a non-int debug level, turn it off
90 self.debug = 0
92 def getuid(self):
93 try:
94 return self.db.user.lookup(self.user)
95 except KeyError:
96 if self.user is None:
97 # user is not logged in and username 'anonymous' doesn't
98 # exist in the database
99 err = _('anonymous users have read-only access only')
100 else:
101 err = _("sanity check: unknown user name `%s'")%self.user
102 raise Unauthorised, errmsg
104 def header(self, headers=None, response=200):
105 '''Put up the appropriate header.
106 '''
107 if headers is None:
108 headers = {'Content-Type':'text/html'}
109 if not headers.has_key('Content-Type'):
110 headers['Content-Type'] = 'text/html'
111 self.request.send_response(response)
112 for entry in headers.items():
113 self.request.send_header(*entry)
114 self.request.end_headers()
115 self.headers_done = 1
116 if self.debug:
117 self.headers_sent = headers
119 global_javascript = '''
120 <script language="javascript">
121 submitted = false;
122 function submit_once() {
123 if (submitted) {
124 alert("Your request is being processed.\\nPlease be patient.");
125 return 0;
126 }
127 submitted = true;
128 return 1;
129 }
131 function help_window(helpurl, width, height) {
132 HelpWin = window.open('%(base)s%(instance_path_name)s/' + helpurl, 'RoundupHelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width);
133 }
135 </script>
136 '''
137 def make_index_link(self, name):
138 '''Turn a configuration entry into a hyperlink...
139 '''
140 # get the link label and spec
141 spec = getattr(self.instance, name+'_INDEX')
143 d = {}
144 d[':sort'] = ','.join(map(urllib.quote, spec['SORT']))
145 d[':group'] = ','.join(map(urllib.quote, spec['GROUP']))
146 d[':filter'] = ','.join(map(urllib.quote, spec['FILTER']))
147 d[':columns'] = ','.join(map(urllib.quote, spec['COLUMNS']))
148 d[':pagesize'] = spec.get('PAGESIZE','50')
150 # snarf the filterspec
151 filterspec = spec['FILTERSPEC'].copy()
153 # now format the filterspec
154 for k, l in filterspec.items():
155 # fix up the CURRENT USER if needed (handle None too since that's
156 # the old flag value)
157 if l in (None, 'CURRENT USER'):
158 if not self.user:
159 continue
160 l = [self.db.user.lookup(self.user)]
162 # add
163 d[urllib.quote(k)] = ','.join(map(urllib.quote, l))
165 # finally, format the URL
166 return '<a href="%s?%s">%s</a>'%(spec['CLASS'],
167 '&'.join([k+'='+v for k,v in d.items()]), spec['LABEL'])
170 def pagehead(self, title, message=None):
171 '''Display the page heading, with information about the tracker and
172 links to more information
173 '''
175 # include any important message
176 if message is not None:
177 message = _('<div class="system-msg">%(message)s</div>')%locals()
178 else:
179 message = ''
181 # style sheet (CSS)
182 style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
184 # figure who the user is
185 user_name = self.user
186 userid = self.db.user.lookup(user_name)
188 # figure all the header links
189 if hasattr(self.instance, 'HEADER_INDEX_LINKS'):
190 links = []
191 for name in self.instance.HEADER_INDEX_LINKS:
192 spec = getattr(self.instance, name + '_INDEX')
193 # skip if we need to fill in the logged-in user id and
194 # we're anonymous
195 if (spec['FILTERSPEC'].has_key('assignedto') and
196 spec['FILTERSPEC']['assignedto'] in ('CURRENT USER',
197 None) and user_name == 'anonymous'):
198 continue
199 links.append(self.make_index_link(name))
200 else:
201 # no config spec - hard-code
202 links = [
203 _('All <a href="issue?status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>'),
204 _('Unassigned <a href="issue?assignedto=-1&status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status,assignedto&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>')
205 ]
207 user_info = _('<a href="login">Login</a>')
208 add_links = ''
209 if user_name != 'anonymous':
210 # add any personal queries to the menu
211 try:
212 queries = self.db.getclass('query')
213 except KeyError:
214 # no query class
215 queries = self.instance.dbinit.Class(self.db, "query",
216 klass=hyperdb.String(), name=hyperdb.String(),
217 url=hyperdb.String())
218 queries.setkey('name')
219 #queries.disableJournalling()
220 try:
221 qids = self.db.getclass('user').get(userid, 'queries')
222 except KeyError, e:
223 #self.db.getclass('user').addprop(queries=hyperdb.Multilink('query'))
224 qids = []
225 for qid in qids:
226 links.append('<a href=%s?%s>%s</a>'%(queries.get(qid, 'klass'),
227 queries.get(qid, 'url'), queries.get(qid, 'name')))
229 # if they're logged in, include links to their information,
230 # and the ability to add an issue
231 user_info = _('''
232 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
233 ''')%locals()
235 # figure the "add class" links
236 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
237 classes = self.instance.HEADER_ADD_LINKS
238 else:
239 classes = ['issue']
240 l = []
241 for class_name in classes:
242 # make sure the user has permission to add
243 if not self.db.security.hasPermission('Edit', userid, class_name):
244 continue
245 cap_class = class_name.capitalize()
246 links.append(_('Add <a href="new%(class_name)s">'
247 '%(cap_class)s</a>')%locals())
249 # if the user can edit everything, include the links
250 admin_links = ''
251 userid = self.db.user.lookup(user_name)
252 if self.db.security.hasPermission('Edit', userid):
253 links.append(_('<a href="list_classes">Class List</a>'))
254 links.append(_('<a href="user?:sort=username&:group=roles">User List</a>'))
255 links.append(_('<a href="newuser">Add User</a>'))
257 # add the search links
258 if hasattr(self.instance, 'HEADER_SEARCH_LINKS'):
259 classes = self.instance.HEADER_SEARCH_LINKS
260 else:
261 classes = ['issue']
262 l = []
263 for class_name in classes:
264 # make sure the user has permission to view
265 if not self.db.security.hasPermission('View', userid, class_name):
266 continue
267 cap_class = class_name.capitalize()
268 links.append(_('Search <a href="search%(class_name)s">'
269 '%(cap_class)s</a>')%locals())
271 # now we have all the links, join 'em
272 links = '\n | '.join(links)
274 # include the javascript bit
275 global_javascript = self.global_javascript%self.__dict__
277 # finally, format the header
278 self.write(_('''<html><head>
279 <title>%(title)s</title>
280 <style type="text/css">%(style)s</style>
281 </head>
282 %(global_javascript)s
283 <body bgcolor=#ffffff>
284 %(message)s
285 <table width=100%% border=0 cellspacing=0 cellpadding=2>
286 <tr class="location-bar">
287 <td><big><strong>%(title)s</strong></big></td>
288 <td align=right valign=bottom>%(user_name)s</td>
289 </tr>
290 <tr class="location-bar">
291 <td align=left>%(links)s</td>
292 <td align=right>%(user_info)s</td>
293 </tr>
294 </table><br>
295 ''')%locals())
297 def pagefoot(self):
298 if self.debug:
299 self.write(_('<hr><small><dl><dt><b>Path</b></dt>'))
300 self.write('<dd>%s</dd>'%(', '.join(map(repr, self.split_path))))
301 keys = self.form.keys()
302 keys.sort()
303 if keys:
304 self.write(_('<dt><b>Form entries</b></dt>'))
305 for k in self.form.keys():
306 v = self.form.getvalue(k, "<empty>")
307 if type(v) is type([]):
308 # Multiple username fields specified
309 v = "|".join(v)
310 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
311 keys = self.headers_sent.keys()
312 keys.sort()
313 self.write(_('<dt><b>Sent these HTTP headers</b></dt>'))
314 for k in keys:
315 v = self.headers_sent[k]
316 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
317 keys = self.env.keys()
318 keys.sort()
319 self.write(_('<dt><b>CGI environment</b></dt>'))
320 for k in keys:
321 v = self.env[k]
322 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
323 self.write('</dl></small>')
324 self.write('</body></html>')
326 def write(self, content):
327 if not self.headers_done:
328 self.header()
329 self.request.wfile.write(content)
331 def index_arg(self, arg):
332 ''' handle the args to index - they might be a list from the form
333 (ie. submitted from a form) or they might be a command-separated
334 single string (ie. manually constructed GET args)
335 '''
336 if self.form.has_key(arg):
337 arg = self.form[arg]
338 if type(arg) == type([]):
339 return [arg.value for arg in arg]
340 return arg.value.split(',')
341 return []
343 def index_sort(self):
344 # first try query string
345 x = self.index_arg(':sort')
346 if x:
347 return x
348 # nope - get the specs out of the form
349 specs = []
350 for colnm in self.db.getclass(self.classname).getprops().keys():
351 desc = ''
352 try:
353 spec = self.form[':%s_ss' % colnm]
354 except KeyError:
355 continue
356 spec = spec.value
357 if spec:
358 if spec[-1] == '-':
359 desc='-'
360 spec = spec[0]
361 specs.append((int(spec), colnm, desc))
362 specs.sort()
363 x = []
364 for _, colnm, desc in specs:
365 x.append('%s%s' % (desc, colnm))
366 return x
368 def index_filterspec(self, filter, classname=None):
369 ''' pull the index filter spec from the form
371 Links and multilinks want to be lists - the rest are straight
372 strings.
373 '''
374 if classname is None:
375 classname = self.classname
376 klass = self.db.getclass(classname)
377 filterspec = {}
378 props = klass.getprops()
379 for colnm in filter:
380 widget = ':%s_fs' % colnm
381 try:
382 val = self.form[widget]
383 except KeyError:
384 try:
385 val = self.form[colnm]
386 except KeyError:
387 # they checked the filter box but didn't enter a value
388 continue
389 propdescr = props.get(colnm, None)
390 if propdescr is None:
391 print "huh? %r is in filter & form, but not in Class!" % colnm
392 raise "butthead programmer"
393 if (isinstance(propdescr, hyperdb.Link) or
394 isinstance(propdescr, hyperdb.Multilink)):
395 if type(val) == type([]):
396 val = [arg.value for arg in val]
397 else:
398 val = val.value.split(',')
399 l = filterspec.get(colnm, [])
400 l = l + val
401 filterspec[colnm] = l
402 else:
403 filterspec[colnm] = val.value
405 return filterspec
407 def customization_widget(self):
408 ''' The customization widget is visible by default. The widget
409 visibility is remembered by show_customization. Visibility
410 is not toggled if the action value is "Redisplay"
411 '''
412 if not self.form.has_key('show_customization'):
413 visible = 1
414 else:
415 visible = int(self.form['show_customization'].value)
416 if self.form.has_key('action'):
417 if self.form['action'].value != 'Redisplay':
418 visible = self.form['action'].value == '+'
420 return visible
422 # TODO: make this go away some day...
423 default_index_sort = ['-activity']
424 default_index_group = ['priority']
425 default_index_filter = ['status']
426 default_index_columns = ['id','activity','title','status','assignedto']
427 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
428 default_pagesize = '50'
430 def _get_customisation_info(self):
431 # see if the web has supplied us with any customisation info
432 for key in ':sort', ':group', ':filter', ':columns', ':pagesize':
433 if self.form.has_key(key):
434 # make list() extract the info from the CGI environ
435 self.classname = 'issue'
436 sort = group = filter = columns = filterspec = pagesize = None
437 break
438 else:
439 # TODO: look up the session first
440 # try the instance config first
441 if hasattr(self.instance, 'DEFAULT_INDEX'):
442 d = self.instance.DEFAULT_INDEX
443 self.classname = d['CLASS']
444 sort = d['SORT']
445 group = d['GROUP']
446 filter = d['FILTER']
447 columns = d['COLUMNS']
448 filterspec = d['FILTERSPEC']
449 pagesize = d.get('PAGESIZE', '50')
450 else:
451 # nope - fall back on the old way of doing it
452 self.classname = 'issue'
453 sort = self.default_index_sort
454 group = self.default_index_group
455 filter = self.default_index_filter
456 columns = self.default_index_columns
457 filterspec = self.default_index_filterspec
458 pagesize = self.default_pagesize
459 return columns, filter, group, sort, filterspec, pagesize
461 def index(self):
462 ''' put up an index - no class specified
463 '''
464 columns, filter, group, sort, filterspec, pagesize = \
465 self._get_customisation_info()
466 return self.list(columns=columns, filter=filter, group=group,
467 sort=sort, filterspec=filterspec, pagesize=pagesize)
469 def searchnode(self):
470 columns, filter, group, sort, filterspec, pagesize = \
471 self._get_customisation_info()
472 cn = self.classname
473 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
474 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
475 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
476 self.write('<form onSubmit="return submit_once()" action="%s">\n'%self.classname)
477 all_columns = self.db.getclass(cn).getprops().keys()
478 all_columns.sort()
479 index.filter_section('', filter, columns, group, all_columns, sort,
480 filterspec, pagesize, 0)
481 self.pagefoot()
482 index.db = index.cl = index.properties = None
483 index.clear()
485 # XXX deviates from spec - loses the '+' (that's a reserved character
486 # in URLS
487 def list(self, sort=None, group=None, filter=None, columns=None,
488 filterspec=None, show_customization=None, show_nodes=1,
489 pagesize=None):
490 ''' call the template index with the args
492 :sort - sort by prop name, optionally preceeded with '-'
493 to give descending or nothing for ascending sorting.
494 :group - group by prop name, optionally preceeded with '-' or
495 to sort in descending or nothing for ascending order.
496 :filter - selects which props should be displayed in the filter
497 section. Default is all.
498 :columns - selects the columns that should be displayed.
499 Default is all.
501 '''
502 cn = self.classname
503 cl = self.db.classes[cn]
504 if sort is None: sort = self.index_sort()
505 if group is None: group = self.index_arg(':group')
506 if filter is None: filter = self.index_arg(':filter')
507 if columns is None: columns = self.index_arg(':columns')
508 if filterspec is None: filterspec = self.index_filterspec(filter)
509 if show_customization is None:
510 show_customization = self.customization_widget()
511 if self.form.has_key('search_text'):
512 search_text = self.form['search_text'].value
513 else:
514 search_text = ''
515 if pagesize is None:
516 if self.form.has_key(':pagesize'):
517 pagesize = self.form[':pagesize'].value
518 else:
519 pagesize = '50'
520 pagesize = int(pagesize)
521 if self.form.has_key(':startwith'):
522 startwith = int(self.form[':startwith'].value)
523 else:
524 startwith = 0
526 if self.form.has_key('Query') and self.form['Query'].value == 'Save':
527 # format a query string
528 qd = {}
529 qd[':sort'] = ','.join(map(urllib.quote, sort))
530 qd[':group'] = ','.join(map(urllib.quote, group))
531 qd[':filter'] = ','.join(map(urllib.quote, filter))
532 qd[':columns'] = ','.join(map(urllib.quote, columns))
533 for k, l in filterspec.items():
534 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
535 url = '&'.join([k+'='+v for k,v in qd.items()])
536 url += '&:pagesize=%s' % pagesize
537 if search_text:
538 url += '&search_text=%s' % search_text
540 # create a query
541 d = {}
542 d['name'] = nm = self.form[':name'].value
543 if not nm:
544 d['name'] = nm = 'New Query'
545 d['klass'] = self.form[':classname'].value
546 d['url'] = url
547 qid = self.db.getclass('query').create(**d)
549 # and add it to the user's query multilink
550 uid = self.getuid()
551 usercl = self.db.getclass('user')
552 queries = usercl.get(uid, 'queries')
553 queries.append(qid)
554 usercl.set(uid, queries=queries)
556 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
557 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
559 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
560 try:
561 index.render(filterspec, search_text, filter, columns, sort,
562 group, show_customization=show_customization,
563 show_nodes=show_nodes, pagesize=pagesize, startwith=startwith)
564 except htmltemplate.MissingTemplateError:
565 self.basicClassEditPage()
566 self.pagefoot()
568 def basicClassEditPage(self):
569 '''Display a basic edit page that allows simple editing of the
570 nodes of the current class
571 '''
572 userid = self.db.user.lookup(self.user)
573 if not self.db.security.hasPermission('Edit', userid):
574 raise Unauthorised, _("You do not have permission to access"\
575 " %(action)s.")%{'action': self.classname}
576 w = self.write
577 cn = self.classname
578 cl = self.db.classes[cn]
579 idlessprops = cl.getprops(protected=0).keys()
580 props = ['id'] + idlessprops
582 # get the CSV module
583 try:
584 import csv
585 except ImportError:
586 w(_('Sorry, you need the csv module to use this function.<br>\n'
587 'Get it from: <a href="http://www.object-craft.com.au/projects/csv/">http://www.object-craft.com.au/projects/csv/'))
588 return
590 # do the edit
591 if self.form.has_key('rows'):
592 rows = self.form['rows'].value.splitlines()
593 p = csv.parser()
594 found = {}
595 line = 0
596 for row in rows:
597 line += 1
598 values = p.parse(row)
599 # not a complete row, keep going
600 if not values: continue
602 # extract the nodeid
603 nodeid, values = values[0], values[1:]
604 found[nodeid] = 1
606 # confirm correct weight
607 if len(idlessprops) != len(values):
608 w(_('Not enough values on line %(line)s'%{'line':line}))
609 return
611 # extract the new values
612 d = {}
613 for name, value in zip(idlessprops, values):
614 value = value.strip()
615 # only add the property if it has a value
616 if value:
617 # if it's a multilink, split it
618 if isinstance(cl.properties[name], hyperdb.Multilink):
619 value = value.split(':')
620 d[name] = value
622 # perform the edit
623 if cl.hasnode(nodeid):
624 # edit existing
625 cl.set(nodeid, **d)
626 else:
627 # new node
628 found[cl.create(**d)] = 1
630 # retire the removed entries
631 for nodeid in cl.list():
632 if not found.has_key(nodeid):
633 cl.retire(nodeid)
635 w(_('''<p class="form-help">You may edit the contents of the
636 "%(classname)s" class using this form. Commas, newlines and double
637 quotes (") must be handled delicately. You may include commas and
638 newlines by enclosing the values in double-quotes ("). Double
639 quotes themselves must be quoted by doubling ("").</p>
640 <p class="form-help">Multilink properties have their multiple
641 values colon (":") separated (... ,"one:two:three", ...)</p>
642 <p class="form-help">Remove entries by deleting their line. Add
643 new entries by appending
644 them to the table - put an X in the id column.</p>''')%{'classname':cn})
646 l = []
647 for name in props:
648 l.append(name)
649 w('<tt>')
650 w(', '.join(l) + '\n')
651 w('</tt>')
653 w('<form onSubmit="return submit_once()" method="POST">')
654 w('<textarea name="rows" cols=80 rows=15>')
655 p = csv.parser()
656 for nodeid in cl.list():
657 l = []
658 for name in props:
659 value = cl.get(nodeid, name)
660 if value is None:
661 l.append('')
662 elif isinstance(value, type([])):
663 l.append(cgi.escape(':'.join(map(str, value))))
664 else:
665 l.append(cgi.escape(str(cl.get(nodeid, name))))
666 w(p.join(l) + '\n')
668 w(_('</textarea><br><input type="submit" value="Save Changes"></form>'))
670 def classhelp(self):
671 '''Display a table of class info
672 '''
673 w = self.write
674 cn = self.form['classname'].value
675 cl = self.db.classes[cn]
676 props = self.form['properties'].value.split(',')
677 if cl.labelprop(1) in props:
678 sort = [cl.labelprop(1)]
679 else:
680 sort = props[0]
682 w('<table border=1 cellspacing=0 cellpaddin=2>')
683 w('<tr>')
684 for name in props:
685 w('<th align=left>%s</th>'%name)
686 w('</tr>')
687 for nodeid in cl.filter(None, {}, sort, []): #cl.list():
688 w('<tr>')
689 for name in props:
690 value = cgi.escape(str(cl.get(nodeid, name)))
691 w('<td align="left" valign="top">%s</td>'%value)
692 w('</tr>')
693 w('</table>')
695 def shownode(self, message=None, num_re=re.compile('^\d+$')):
696 ''' display an item
697 '''
698 cn = self.classname
699 cl = self.db.classes[cn]
700 if self.form.has_key(':multilink'):
701 link = self.form[':multilink'].value
702 designator, linkprop = link.split(':')
703 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
704 else:
705 xtra = ''
707 # possibly perform an edit
708 keys = self.form.keys()
709 # don't try to set properties if the user has just logged in
710 if keys and not self.form.has_key('__login_name'):
711 try:
712 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
713 # make changes to the node
714 self._changenode(props)
715 # handle linked nodes
716 self._post_editnode(self.nodeid)
717 # and some nice feedback for the user
718 if props:
719 message = _('%(changes)s edited ok')%{'changes':
720 ', '.join(props.keys())}
721 elif self.form.has_key('__note') and self.form['__note'].value:
722 message = _('note added')
723 elif (self.form.has_key('__file') and
724 self.form['__file'].filename):
725 message = _('file added')
726 else:
727 message = _('nothing changed')
728 except:
729 self.db.rollback()
730 s = StringIO.StringIO()
731 traceback.print_exc(None, s)
732 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
734 # now the display
735 id = self.nodeid
736 if cl.getkey():
737 id = cl.get(id, cl.getkey())
738 self.pagehead('%s: %s %s'%(self.classname.capitalize(), id, xtra),
739 message)
741 nodeid = self.nodeid
743 # use the template to display the item
744 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
745 self.classname)
746 item.render(nodeid)
748 self.pagefoot()
749 showissue = shownode
750 showmsg = shownode
751 searchissue = searchnode
753 def showquery(self):
754 queries = self.db.getclass(self.classname)
755 if self.form.keys():
756 sort = self.index_sort()
757 group = self.index_arg(':group')
758 filter = self.index_arg(':filter')
759 columns = self.index_arg(':columns')
760 filterspec = self.index_filterspec(filter, queries.get(self.nodeid, 'klass'))
761 if self.form.has_key('search_text'):
762 search_text = self.form['search_text'].value
763 else:
764 search_text = ''
765 if self.form.has_key(':pagesize'):
766 pagesize = int(self.form[':pagesize'].value)
767 else:
768 pagesize = 50
769 # format a query string
770 qd = {}
771 qd[':sort'] = ','.join(map(urllib.quote, sort))
772 qd[':group'] = ','.join(map(urllib.quote, group))
773 qd[':filter'] = ','.join(map(urllib.quote, filter))
774 qd[':columns'] = ','.join(map(urllib.quote, columns))
775 for k, l in filterspec.items():
776 qd[urllib.quote(k)] = ','.join(map(urllib.quote, l))
777 url = '&'.join([k+'='+v for k,v in qd.items()])
778 url += '&:pagesize=%s' % pagesize
779 if search_text:
780 url += '&search_text=%s' % search_text
781 qname = self.form['name'].value
782 chgd = []
783 if qname != queries.get(self.nodeid, 'name'):
784 chgd.append('name')
785 if url != queries.get(self.nodeid, 'url'):
786 chgd.append('url')
787 if chgd:
788 queries.set(self.nodeid, name=qname, url=url)
789 message = _('%(changes)s edited ok')%{'changes': ', '.join(chgd)}
790 else:
791 message = _('nothing changed')
792 else:
793 message = None
794 nm = queries.get(self.nodeid, 'name')
795 self.pagehead('%s: %s'%(self.classname.capitalize(), nm), message)
797 # use the template to display the item
798 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
799 self.classname)
800 item.render(self.nodeid)
801 self.pagefoot()
803 def _changenode(self, props):
804 ''' change the node based on the contents of the form
805 '''
806 cl = self.db.classes[self.classname]
808 # create the message
809 message, files = self._handle_message()
810 if message:
811 props['messages'] = cl.get(self.nodeid, 'messages') + [message]
812 if files:
813 props['files'] = cl.get(self.nodeid, 'files') + files
815 # make the changes
816 cl.set(self.nodeid, **props)
818 def _createnode(self):
819 ''' create a node based on the contents of the form
820 '''
821 cl = self.db.classes[self.classname]
822 props = parsePropsFromForm(self.db, cl, self.form)
824 # check for messages and files
825 message, files = self._handle_message()
826 if message:
827 props['messages'] = [message]
828 if files:
829 props['files'] = files
830 # create the node and return it's id
831 return cl.create(**props)
833 def _handle_message(self):
834 ''' generate an edit message
835 '''
836 # handle file attachments
837 files = []
838 if self.form.has_key('__file'):
839 file = self.form['__file']
840 if file.filename:
841 filename = file.filename.split('\\')[-1]
842 mime_type = mimetypes.guess_type(filename)[0]
843 if not mime_type:
844 mime_type = "application/octet-stream"
845 # create the new file entry
846 files.append(self.db.file.create(type=mime_type,
847 name=filename, content=file.file.read()))
849 # we don't want to do a message if none of the following is true...
850 cn = self.classname
851 cl = self.db.classes[self.classname]
852 props = cl.getprops()
853 note = None
854 # in a nutshell, don't do anything if there's no note or there's no
855 # NOSY
856 if self.form.has_key('__note'):
857 note = self.form['__note'].value.strip()
858 if not note:
859 return None, files
860 if not props.has_key('messages'):
861 return None, files
862 if not isinstance(props['messages'], hyperdb.Multilink):
863 return None, files
864 if not props['messages'].classname == 'msg':
865 return None, files
866 if not (self.form.has_key('nosy') or note):
867 return None, files
869 # handle the note
870 if '\n' in note:
871 summary = re.split(r'\n\r?', note)[0]
872 else:
873 summary = note
874 m = ['%s\n'%note]
876 # handle the messageid
877 # TODO: handle inreplyto
878 messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
879 self.classname, self.instance.MAIL_DOMAIN)
881 # now create the message, attaching the files
882 content = '\n'.join(m)
883 message_id = self.db.msg.create(author=self.getuid(),
884 recipients=[], date=date.Date('.'), summary=summary,
885 content=content, files=files, messageid=messageid)
887 # update the messages property
888 return message_id, files
890 def _post_editnode(self, nid):
891 '''Do the linking part of the node creation.
893 If a form element has :link or :multilink appended to it, its
894 value specifies a node designator and the property on that node
895 to add _this_ node to as a link or multilink.
897 This is typically used on, eg. the file upload page to indicated
898 which issue to link the file to.
900 TODO: I suspect that this and newfile will go away now that
901 there's the ability to upload a file using the issue __file form
902 element!
903 '''
904 cn = self.classname
905 cl = self.db.classes[cn]
906 # link if necessary
907 keys = self.form.keys()
908 for key in keys:
909 if key == ':multilink':
910 value = self.form[key].value
911 if type(value) != type([]): value = [value]
912 for value in value:
913 designator, property = value.split(':')
914 link, nodeid = roundupdb.splitDesignator(designator)
915 link = self.db.classes[link]
916 # take a dupe of the list so we're not changing the cache
917 value = link.get(nodeid, property)[:]
918 value.append(nid)
919 link.set(nodeid, **{property: value})
920 elif key == ':link':
921 value = self.form[key].value
922 if type(value) != type([]): value = [value]
923 for value in value:
924 designator, property = value.split(':')
925 link, nodeid = roundupdb.splitDesignator(designator)
926 link = self.db.classes[link]
927 link.set(nodeid, **{property: nid})
929 def newnode(self, message=None):
930 ''' Add a new node to the database.
932 The form works in two modes: blank form and submission (that is,
933 the submission goes to the same URL). **Eventually this means that
934 the form will have previously entered information in it if
935 submission fails.
937 The new node will be created with the properties specified in the
938 form submission. For multilinks, multiple form entries are handled,
939 as are prop=value,value,value. You can't mix them though.
941 If the new node is to be referenced from somewhere else immediately
942 (ie. the new node is a file that is to be attached to a support
943 issue) then supply one of these arguments in addition to the usual
944 form entries:
945 :link=designator:property
946 :multilink=designator:property
947 ... which means that once the new node is created, the "property"
948 on the node given by "designator" should now reference the new
949 node's id. The node id will be appended to the multilink.
950 '''
951 cn = self.classname
952 userid = self.db.user.lookup(self.user)
953 if not self.db.security.hasPermission('View', userid, cn):
954 raise Unauthorised, _("You do not have permission to access"\
955 " %(action)s.")%{'action': self.classname}
956 cl = self.db.classes[cn]
957 if self.form.has_key(':multilink'):
958 link = self.form[':multilink'].value
959 designator, linkprop = link.split(':')
960 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
961 else:
962 xtra = ''
964 # possibly perform a create
965 keys = self.form.keys()
966 if [i for i in keys if i[0] != ':']:
967 # no dice if you can't edit!
968 if not self.db.security.hasPermission('Edit', userid, cn):
969 raise Unauthorised, _("You do not have permission to access"\
970 " %(action)s.")%{'action': 'new'+self.classname}
971 props = {}
972 try:
973 nid = self._createnode()
974 # handle linked nodes
975 self._post_editnode(nid)
976 # and some nice feedback for the user
977 message = _('%(classname)s created ok')%{'classname': cn}
979 # render the newly created issue
980 self.db.commit()
981 self.nodeid = nid
982 self.pagehead('%s: %s'%(self.classname.capitalize(), nid),
983 message)
984 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
985 self.classname)
986 item.render(nid)
987 self.pagefoot()
988 return
989 except:
990 self.db.rollback()
991 s = StringIO.StringIO()
992 traceback.print_exc(None, s)
993 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
994 self.pagehead(_('New %(classname)s %(xtra)s')%{
995 'classname': self.classname.capitalize(),
996 'xtra': xtra }, message)
998 # call the template
999 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1000 self.classname)
1001 newitem.render(self.form)
1003 self.pagefoot()
1004 newissue = newnode
1006 def newuser(self, message=None):
1007 ''' Add a new user to the database.
1009 Don't do any of the message or file handling, just create the node.
1010 '''
1011 userid = self.db.user.lookup(self.user)
1012 if not self.db.security.hasPermission('Edit', userid, 'user'):
1013 raise Unauthorised, _("You do not have permission to access"\
1014 " %(action)s.")%{'action': 'newuser'}
1016 cn = self.classname
1017 cl = self.db.classes[cn]
1019 # possibly perform a create
1020 keys = self.form.keys()
1021 if [i for i in keys if i[0] != ':']:
1022 try:
1023 props = parsePropsFromForm(self.db, cl, self.form)
1024 nid = cl.create(**props)
1025 # handle linked nodes
1026 self._post_editnode(nid)
1027 # and some nice feedback for the user
1028 message = _('%(classname)s created ok')%{'classname': cn}
1029 except:
1030 self.db.rollback()
1031 s = StringIO.StringIO()
1032 traceback.print_exc(None, s)
1033 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1034 self.pagehead(_('New %(classname)s')%{'classname':
1035 self.classname.capitalize()}, message)
1037 # call the template
1038 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1039 self.classname)
1040 newitem.render(self.form)
1042 self.pagefoot()
1044 def newfile(self, message=None):
1045 ''' Add a new file to the database.
1047 This form works very much the same way as newnode - it just has a
1048 file upload.
1049 '''
1050 userid = self.db.user.lookup(self.user)
1051 if not self.db.security.hasPermission('Edit', userid, 'file'):
1052 raise Unauthorised, _("You do not have permission to access"\
1053 " %(action)s.")%{'action': 'newfile'}
1054 cn = self.classname
1055 cl = self.db.classes[cn]
1056 props = parsePropsFromForm(self.db, cl, self.form)
1057 if self.form.has_key(':multilink'):
1058 link = self.form[':multilink'].value
1059 designator, linkprop = link.split(':')
1060 xtra = ' for <a href="%s">%s</a>' % (designator, designator)
1061 else:
1062 xtra = ''
1064 # possibly perform a create
1065 keys = self.form.keys()
1066 if [i for i in keys if i[0] != ':']:
1067 try:
1068 file = self.form['content']
1069 mime_type = mimetypes.guess_type(file.filename)[0]
1070 if not mime_type:
1071 mime_type = "application/octet-stream"
1072 # save the file
1073 props['type'] = mime_type
1074 props['name'] = file.filename
1075 props['content'] = file.file.read()
1076 nid = cl.create(**props)
1077 # handle linked nodes
1078 self._post_editnode(nid)
1079 # and some nice feedback for the user
1080 message = _('%(classname)s created ok')%{'classname': cn}
1081 except:
1082 self.db.rollback()
1083 s = StringIO.StringIO()
1084 traceback.print_exc(None, s)
1085 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1087 self.pagehead(_('New %(classname)s %(xtra)s')%{
1088 'classname': self.classname.capitalize(),
1089 'xtra': xtra }, message)
1090 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
1091 self.classname)
1092 newitem.render(self.form)
1093 self.pagefoot()
1095 def showuser(self, message=None, num_re=re.compile('^\d+$')):
1096 '''Display a user page for editing. Make sure the user is allowed
1097 to edit this node, and also check for password changes.
1098 '''
1099 user = self.db.user
1101 # get the username of the node being edited
1102 try:
1103 node_user = user.get(self.nodeid, 'username')
1104 except IndexError:
1105 raise NotFound, 'user%s'%self.nodeid
1107 # ok, so we need to be able to edit everything, or be this node's
1108 # user
1109 userid = self.db.user.lookup(self.user)
1110 if (not self.db.security.hasPermission('Edit', userid)
1111 and self.user != node_user):
1112 raise Unauthorised, _("You do not have permission to access"\
1113 " %(action)s.")%{'action': self.classname +
1114 str(self.nodeid)}
1116 #
1117 # perform any editing
1118 #
1119 keys = self.form.keys()
1120 if keys:
1121 try:
1122 props = parsePropsFromForm(self.db, user, self.form,
1123 self.nodeid)
1124 set_cookie = 0
1125 if props.has_key('password'):
1126 password = self.form['password'].value.strip()
1127 if not password:
1128 # no password was supplied - don't change it
1129 del props['password']
1130 elif self.nodeid == self.getuid():
1131 # this is the logged-in user's password
1132 set_cookie = password
1133 user.set(self.nodeid, **props)
1134 # and some feedback for the user
1135 message = _('%(changes)s edited ok')%{'changes':
1136 ', '.join(props.keys())}
1137 except:
1138 self.db.rollback()
1139 s = StringIO.StringIO()
1140 traceback.print_exc(None, s)
1141 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
1142 else:
1143 set_cookie = 0
1145 # fix the cookie if the password has changed
1146 if set_cookie:
1147 self.set_cookie(self.user, set_cookie)
1149 #
1150 # now the display
1151 #
1152 self.pagehead(_('User: %(user)s')%{'user': node_user}, message)
1154 # use the template to display the item
1155 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES, 'user')
1156 item.render(self.nodeid)
1157 self.pagefoot()
1159 def showfile(self):
1160 ''' display a file
1161 '''
1162 nodeid = self.nodeid
1163 cl = self.db.classes[self.classname]
1164 try:
1165 mime_type = cl.get(nodeid, 'type')
1166 except IndexError:
1167 raise NotFound, 'file%s'%nodeid
1168 if mime_type == 'message/rfc822':
1169 mime_type = 'text/plain'
1170 self.header(headers={'Content-Type': mime_type})
1171 self.write(cl.get(nodeid, 'content'))
1173 def permission(self):
1174 '''
1175 '''
1177 def classes(self, message=None):
1178 ''' display a list of all the classes in the database
1179 '''
1180 userid = self.db.user.lookup(self.user)
1181 raise Unauthorised, _("You do not have permission to access"\
1182 " %(action)s.")%{'action': 'all classes'}
1184 self.pagehead(_('Table of classes'), message)
1185 classnames = self.db.classes.keys()
1186 classnames.sort()
1187 self.write('<table border=0 cellspacing=0 cellpadding=2>\n')
1188 for cn in classnames:
1189 cl = self.db.getclass(cn)
1190 self.write('<tr class="list-header"><th colspan=2 align=left>'
1191 '<a href="%s">%s</a></th></tr>'%(cn, cn.capitalize()))
1192 for key, value in cl.properties.items():
1193 if value is None: value = ''
1194 else: value = str(value)
1195 self.write('<tr><th align=left>%s</th><td>%s</td></tr>'%(
1196 key, cgi.escape(value)))
1197 self.write('</table>')
1198 self.pagefoot()
1200 def login(self, message=None, newuser_form=None, action='index'):
1201 '''Display a login page.
1202 '''
1203 self.pagehead(_('Login to roundup'))
1204 if message:
1205 self.write('<p class="system-msg">%s</p>'%message)
1206 self.write(_('''
1207 <table>
1208 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
1209 <form onSubmit="return submit_once()" action="login_action" method=POST>
1210 <input type="hidden" name="__destination_url" value="%(action)s">
1211 <tr><td align=right>Login name: </td>
1212 <td><input name="__login_name"></td></tr>
1213 <tr><td align=right>Password: </td>
1214 <td><input type="password" name="__login_password"></td></tr>
1215 <tr><td></td>
1216 <td><input type="submit" value="Log In"></td></tr>
1217 </form>
1218 ''')%locals())
1219 userid = self.db.user.lookup(self.user)
1220 if not self.db.security.hasPermission('Web Registration', userid):
1221 self.write('</table>')
1222 self.pagefoot()
1223 return
1224 values = {'realname': '', 'organisation': '', 'address': '',
1225 'phone': '', 'username': '', 'password': '', 'confirm': '',
1226 'action': action, 'alternate_addresses': ''}
1227 if newuser_form is not None:
1228 for key in newuser_form.keys():
1229 values[key] = newuser_form[key].value
1230 self.write(_('''
1231 <p>
1232 <tr><td colspan=2 class="strong-header">New User Registration</td></tr>
1233 <tr><td colspan=2><em>marked items</em> are optional...</td></tr>
1234 <form onSubmit="return submit_once()" action="newuser_action" method=POST>
1235 <input type="hidden" name="__destination_url" value="%(action)s">
1236 <tr><td align=right><em>Name: </em></td>
1237 <td><input name="realname" value="%(realname)s" size=40></td></tr>
1238 <tr><td align=right><em>Organisation: </em></td>
1239 <td><input name="organisation" value="%(organisation)s" size=40></td></tr>
1240 <tr><td align=right>E-Mail Address: </td>
1241 <td><input name="address" value="%(address)s" size=40></td></tr>
1242 <tr><td align=right><em>Alternate E-mail Addresses: </em></td>
1243 <td><textarea name="alternate_addresses" rows=5 cols=40>%(alternate_addresses)s</textarea></td></tr>
1244 <tr><td align=right><em>Phone: </em></td>
1245 <td><input name="phone" value="%(phone)s"></td></tr>
1246 <tr><td align=right>Preferred Login name: </td>
1247 <td><input name="username" value="%(username)s"></td></tr>
1248 <tr><td align=right>Password: </td>
1249 <td><input type="password" name="password" value="%(password)s"></td></tr>
1250 <tr><td align=right>Password Again: </td>
1251 <td><input type="password" name="confirm" value="%(confirm)s"></td></tr>
1252 <tr><td></td>
1253 <td><input type="submit" value="Register"></td></tr>
1254 </form>
1255 </table>
1256 ''')%values)
1257 self.pagefoot()
1259 def login_action(self, message=None):
1260 '''Attempt to log a user in and set the cookie
1262 returns 0 if a page is generated as a result of this call, and
1263 1 if not (ie. the login is successful
1264 '''
1265 if not self.form.has_key('__login_name'):
1266 self.login(message=_('Username required'))
1267 return 0
1268 self.user = self.form['__login_name'].value
1269 # re-open the database for real, using the user
1270 self.opendb(self.user)
1271 if self.form.has_key('__login_password'):
1272 password = self.form['__login_password'].value
1273 else:
1274 password = ''
1275 # make sure the user exists
1276 try:
1277 uid = self.db.user.lookup(self.user)
1278 except KeyError:
1279 name = self.user
1280 self.make_user_anonymous()
1281 action = self.form['__destination_url'].value
1282 self.login(message=_('No such user "%(name)s"')%locals(),
1283 action=action)
1284 return 0
1286 # and that the password is correct
1287 pw = self.db.user.get(uid, 'password')
1288 if password != pw:
1289 self.make_user_anonymous()
1290 action = self.form['__destination_url'].value
1291 self.login(message=_('Incorrect password'), action=action)
1292 return 0
1294 self.set_cookie(self.user, password)
1295 return 1
1297 def newuser_action(self, message=None):
1298 '''Attempt to create a new user based on the contents of the form
1299 and then set the cookie.
1301 return 1 on successful login
1302 '''
1303 # make sure we're allowed to register
1304 userid = self.db.user.lookup(self.user)
1305 if not self.db.security.hasPermission('Web Registration', userid):
1306 raise Unauthorised, _("You do not have permission to access"\
1307 " %(action)s.")%{'action': 'registration'}
1309 # re-open the database as "admin"
1310 self.opendb('admin')
1312 # create the new user
1313 cl = self.db.user
1314 try:
1315 props = parsePropsFromForm(self.db, cl, self.form)
1316 props['roles'] = self.instance.NEW_WEB_USER_ROLES
1317 uid = cl.create(**props)
1318 self.db.commit()
1319 except ValueError, message:
1320 action = self.form['__destination_url'].value
1321 self.login(message, action=action)
1322 return 0
1324 # log the new user in
1325 self.user = cl.get(uid, 'username')
1326 # re-open the database for real, using the user
1327 self.opendb(self.user)
1328 password = cl.get(uid, 'password')
1329 self.set_cookie(self.user, self.form['password'].value)
1330 return 1
1332 def set_cookie(self, user, password):
1333 # TODO generate a much, much stronger session key ;)
1334 session = binascii.b2a_base64(repr(time.time())).strip()
1336 # clean up the base64
1337 if session[-1] == '=':
1338 if session[-2] == '=':
1339 session = session[:-2]
1340 else:
1341 session = session[:-1]
1343 # insert the session in the sessiondb
1344 sessions = self.db.getclass('__sessions')
1345 self.session = sessions.create(sessid=session, user=user,
1346 last_use=date.Date())
1348 # and commit immediately
1349 self.db.commit()
1351 # expire us in a long, long time
1352 expire = Cookie._getdate(86400*365)
1354 # generate the cookie path - make sure it has a trailing '/'
1355 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1356 ''))
1357 self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;'%(
1358 session, expire, path)})
1360 def make_user_anonymous(self):
1361 ''' Make use anonymous
1363 This method used to handle non-existence of the 'anonymous'
1364 user, but that user is mandatory now.
1365 '''
1366 self.db.user.lookup('anonymous')
1367 self.user = 'anonymous'
1369 def logout(self, message=None):
1370 self.make_user_anonymous()
1371 # construct the logout cookie
1372 now = Cookie._getdate()
1373 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
1374 ''))
1375 self.header({'Set-Cookie':
1376 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
1377 path)})
1378 self.login()
1380 def opendb(self, user):
1381 ''' Open the database - but include the definition of the sessions db.
1382 '''
1383 # open the db
1384 self.db = self.instance.open(user)
1386 # make sure we have the session Class
1387 try:
1388 sessions = self.db.getclass('__sessions')
1389 except:
1390 # add the sessions Class - use a non-journalling Class
1391 # TODO: not happy with how we're getting the Class here :(
1392 sessions = self.instance.dbinit.Class(self.db, '__sessions',
1393 sessid=hyperdb.String(), user=hyperdb.String(),
1394 last_use=hyperdb.Date())
1395 sessions.setkey('sessid')
1396 # make sure session db isn't journalled
1397 sessions.disableJournalling()
1399 def main(self):
1400 ''' Wrap the request and handle unauthorised requests
1401 '''
1402 self.desired_action = None
1403 try:
1404 self.main_action()
1405 except Unauthorised, message:
1406 self.header(response=403)
1407 if self.desired_action is None or self.desired_action == 'login':
1408 if not message:
1409 message=_("You do not have permission.")
1410 # go to the index after login
1411 self.login(message=message)
1412 else:
1413 if not message:
1414 message=_("You do not have permission to access"\
1415 " %(action)s.")%{'action': self.desired_action}
1416 self.login(action=self.desired_action, message=message)
1418 def main_action(self):
1419 '''Wrap the database accesses so we can close the database cleanly
1420 '''
1421 # determine the uid to use
1422 self.opendb('admin')
1424 # make sure we have the session Class
1425 sessions = self.db.getclass('__sessions')
1427 # age sessions, remove when they haven't been used for a week
1428 # TODO: this shouldn't be done every access
1429 week = date.Interval('7d')
1430 now = date.Date()
1431 for sessid in sessions.list():
1432 interval = now - sessions.get(sessid, 'last_use')
1433 if interval > week:
1434 sessions.destroy(sessid)
1436 # look up the user session cookie
1437 cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
1438 user = 'anonymous'
1439 if (cookie.has_key('roundup_user') and
1440 cookie['roundup_user'].value != 'deleted'):
1442 # get the session key from the cookie
1443 session = cookie['roundup_user'].value
1445 # get the user from the session
1446 try:
1447 self.session = sessions.lookup(session)
1448 except KeyError:
1449 user = 'anonymous'
1450 else:
1451 # update the lifetime datestamp
1452 sessions.set(self.session, last_use=date.Date())
1453 self.db.commit()
1454 user = sessions.get(sessid, 'user')
1456 # sanity check on the user still being valid
1457 try:
1458 self.db.user.lookup(user)
1459 except KeyError:
1460 user = 'anonymous'
1462 # make sure the anonymous user is valid if we're using it
1463 if user == 'anonymous':
1464 self.make_user_anonymous()
1465 else:
1466 self.user = user
1468 # now figure which function to call
1469 path = self.split_path
1471 # default action to index if the path has no information in it
1472 if not path or path[0] in ('', 'index'):
1473 action = 'index'
1474 else:
1475 action = path[0]
1476 self.desired_action = action
1478 # Everthing ignores path[1:]
1479 # - The file download link generator actually relies on this - it
1480 # appends the name of the file to the URL so the download file name
1481 # is correct, but doesn't actually use it.
1483 # everyone is allowed to try to log in
1484 if action == 'login_action':
1485 # try to login
1486 if not self.login_action():
1487 return
1488 # figure the resulting page
1489 action = self.form['__destination_url'].value
1490 if not action:
1491 action = 'index'
1492 self.do_action(action)
1493 return
1495 # allow anonymous people to register
1496 if action == 'newuser_action':
1497 # try to add the user
1498 if not self.newuser_action():
1499 return
1500 # figure the resulting page
1501 action = self.form['__destination_url'].value
1502 if not action:
1503 action = 'index'
1505 # re-open the database for real, using the user
1506 self.opendb(self.user)
1508 # just a regular action
1509 self.do_action(action)
1511 # commit all changes to the database
1512 self.db.commit()
1514 def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
1515 nre=re.compile(r'new(\w+)'), sre=re.compile(r'search(\w+)')):
1516 '''Figure the user's action and do it.
1517 '''
1518 # here be the "normal" functionality
1519 if action == 'index':
1520 self.index()
1521 return
1522 if action == 'list_classes':
1523 self.classes()
1524 return
1525 if action == 'classhelp':
1526 self.classhelp()
1527 return
1528 if action == 'login':
1529 self.login()
1530 return
1531 if action == 'logout':
1532 self.logout()
1533 return
1535 # see if we're to display an existing node
1536 m = dre.match(action)
1537 if m:
1538 self.classname = m.group(1)
1539 self.nodeid = m.group(2)
1540 try:
1541 cl = self.db.classes[self.classname]
1542 except KeyError:
1543 raise NotFound, self.classname
1544 try:
1545 cl.get(self.nodeid, 'id')
1546 except IndexError:
1547 raise NotFound, self.nodeid
1548 try:
1549 func = getattr(self, 'show%s'%self.classname)
1550 except AttributeError:
1551 raise NotFound, 'show%s'%self.classname
1552 func()
1553 return
1555 # see if we're to put up the new node page
1556 m = nre.match(action)
1557 if m:
1558 self.classname = m.group(1)
1559 try:
1560 func = getattr(self, 'new%s'%self.classname)
1561 except AttributeError:
1562 raise NotFound, 'new%s'%self.classname
1563 func()
1564 return
1566 # see if we're to put up the new node page
1567 m = sre.match(action)
1568 if m:
1569 self.classname = m.group(1)
1570 try:
1571 func = getattr(self, 'search%s'%self.classname)
1572 except AttributeError:
1573 raise NotFound
1574 func()
1575 return
1577 # otherwise, display the named class
1578 self.classname = action
1579 try:
1580 self.db.getclass(self.classname)
1581 except KeyError:
1582 raise NotFound, self.classname
1583 self.list()
1586 class ExtendedClient(Client):
1587 '''Includes pages and page heading information that relate to the
1588 extended schema.
1589 '''
1590 showsupport = Client.shownode
1591 showtimelog = Client.shownode
1592 newsupport = Client.newnode
1593 newtimelog = Client.newnode
1594 searchsupport = Client.searchnode
1596 default_index_sort = ['-activity']
1597 default_index_group = ['priority']
1598 default_index_filter = ['status']
1599 default_index_columns = ['activity','status','title','assignedto']
1600 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
1601 default_pagesize = '50'
1603 def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
1604 '''Pull properties for the given class out of the form.
1605 '''
1606 props = {}
1607 keys = form.keys()
1608 for key in keys:
1609 if not cl.properties.has_key(key):
1610 continue
1611 proptype = cl.properties[key]
1612 if isinstance(proptype, hyperdb.String):
1613 value = form[key].value.strip()
1614 elif isinstance(proptype, hyperdb.Password):
1615 value = password.Password(form[key].value.strip())
1616 elif isinstance(proptype, hyperdb.Date):
1617 value = form[key].value.strip()
1618 if value:
1619 value = date.Date(form[key].value.strip())
1620 else:
1621 value = None
1622 elif isinstance(proptype, hyperdb.Interval):
1623 value = form[key].value.strip()
1624 if value:
1625 value = date.Interval(form[key].value.strip())
1626 else:
1627 value = None
1628 elif isinstance(proptype, hyperdb.Link):
1629 value = form[key].value.strip()
1630 # see if it's the "no selection" choice
1631 if value == '-1':
1632 # don't set this property
1633 continue
1634 else:
1635 # handle key values
1636 link = cl.properties[key].classname
1637 if not num_re.match(value):
1638 try:
1639 value = db.classes[link].lookup(value)
1640 except KeyError:
1641 raise ValueError, _('property "%(propname)s": '
1642 '%(value)s not a %(classname)s')%{'propname':key,
1643 'value': value, 'classname': link}
1644 elif isinstance(proptype, hyperdb.Multilink):
1645 value = form[key]
1646 if hasattr(value, 'value'):
1647 # Quite likely to be a FormItem instance
1648 value = value.value
1649 if not isinstance(value, type([])):
1650 value = [i.strip() for i in value.split(',')]
1651 else:
1652 value = [i.strip() for i in value]
1653 link = cl.properties[key].classname
1654 l = []
1655 for entry in map(str, value):
1656 if entry == '': continue
1657 if not num_re.match(entry):
1658 try:
1659 entry = db.classes[link].lookup(entry)
1660 except KeyError:
1661 raise ValueError, _('property "%(propname)s": '
1662 '"%(value)s" not an entry of %(classname)s')%{
1663 'propname':key, 'value': entry, 'classname': link}
1664 l.append(entry)
1665 l.sort()
1666 value = l
1667 elif isinstance(proptype, hyperdb.Boolean):
1668 value = form[key].value.strip()
1669 props[key] = value = value.lower() in ('yes', 'true', 'on', '1')
1670 elif isinstance(proptype, hyperdb.Number):
1671 value = form[key].value.strip()
1672 props[key] = value = int(value)
1674 # get the old value
1675 if nodeid:
1676 try:
1677 existing = cl.get(nodeid, key)
1678 except KeyError:
1679 # this might be a new property for which there is no existing
1680 # value
1681 if not cl.properties.has_key(key): raise
1683 # if changed, set it
1684 if value != existing:
1685 props[key] = value
1686 else:
1687 props[key] = value
1688 return props
1690 #
1691 # $Log: not supported by cvs2svn $
1692 # Revision 1.145 2002/07/26 08:26:59 richard
1693 # Very close now. The cgi and mailgw now use the new security API. The two
1694 # templates have been migrated to that setup. Lots of unit tests. Still some
1695 # issue in the web form for editing Roles assigned to users.
1696 #
1697 # Revision 1.144 2002/07/25 07:14:05 richard
1698 # Bugger it. Here's the current shape of the new security implementation.
1699 # Still to do:
1700 # . call the security funcs from cgi and mailgw
1701 # . change shipped templates to include correct initialisation and remove
1702 # the old config vars
1703 # ... that seems like a lot. The bulk of the work has been done though. Honest :)
1704 #
1705 # Revision 1.143 2002/07/20 19:29:10 gmcm
1706 # Fixes/improvements to the search form & saved queries.
1707 #
1708 # Revision 1.142 2002/07/18 11:17:30 gmcm
1709 # Add Number and Boolean types to hyperdb.
1710 # Add conversion cases to web, mail & admin interfaces.
1711 # Add storage/serialization cases to back_anydbm & back_metakit.
1712 #
1713 # Revision 1.141 2002/07/17 12:39:10 gmcm
1714 # Saving, running & editing queries.
1715 #
1716 # Revision 1.140 2002/07/14 23:17:15 richard
1717 # cleaned up structure
1718 #
1719 # Revision 1.139 2002/07/14 06:14:40 richard
1720 # Some more TODOs
1721 #
1722 # Revision 1.138 2002/07/14 04:03:13 richard
1723 # Implemented a switch to disable journalling for a Class. CGI session
1724 # database now uses it.
1725 #
1726 # Revision 1.137 2002/07/10 07:00:30 richard
1727 # removed debugging
1728 #
1729 # Revision 1.136 2002/07/10 06:51:08 richard
1730 # . #576241 ] MultiLink problems in parsePropsFromForm
1731 #
1732 # Revision 1.135 2002/07/10 00:22:34 richard
1733 # . switched to using a session-based web login
1734 #
1735 # Revision 1.134 2002/07/09 04:19:09 richard
1736 # Added reindex command to roundup-admin.
1737 # Fixed reindex on first access.
1738 # Also fixed reindexing of entries that change.
1739 #
1740 # Revision 1.133 2002/07/08 15:32:05 gmcm
1741 # Pagination of index pages.
1742 # New search form.
1743 #
1744 # Revision 1.132 2002/07/08 07:26:14 richard
1745 # ehem
1746 #
1747 # Revision 1.131 2002/07/08 06:53:57 richard
1748 # Not sure why the cgi_client had an indexer argument.
1749 #
1750 # Revision 1.130 2002/06/27 12:01:53 gmcm
1751 # If the form has a :multilink, put a back href in the pageheader (back to the linked-to node).
1752 # Some minor optimizations (only compile regexes once).
1753 #
1754 # Revision 1.129 2002/06/20 23:52:11 richard
1755 # Better handling of unauth attempt to edit stuff
1756 #
1757 # Revision 1.128 2002/06/12 21:28:25 gmcm
1758 # Allow form to set user-properties on a Fileclass.
1759 # Don't assume that a Fileclass is named "files".
1760 #
1761 # Revision 1.127 2002/06/11 06:38:24 richard
1762 # . #565996 ] The "Attach a File to this Issue" fails
1763 #
1764 # Revision 1.126 2002/05/29 01:16:17 richard
1765 # Sorry about this huge checkin! It's fixing a lot of related stuff in one go
1766 # though.
1767 #
1768 # . #541941 ] changing multilink properties by mail
1769 # . #526730 ] search for messages capability
1770 # . #505180 ] split MailGW.handle_Message
1771 # - also changed cgi client since it was duplicating the functionality
1772 # . build htmlbase if tests are run using CVS checkout (removed note from
1773 # installation.txt)
1774 # . don't create an empty message on email issue creation if the email is empty
1775 #
1776 # Revision 1.125 2002/05/25 07:16:24 rochecompaan
1777 # Merged search_indexing-branch with HEAD
1778 #
1779 # Revision 1.124 2002/05/24 02:09:24 richard
1780 # Nothing like a live demo to show up the bugs ;)
1781 #
1782 # Revision 1.123 2002/05/22 05:04:13 richard
1783 # Oops
1784 #
1785 # Revision 1.122 2002/05/22 04:12:05 richard
1786 # . applied patch #558876 ] cgi client customization
1787 # ... with significant additions and modifications ;)
1788 # - extended handling of ML assignedto to all places it's handled
1789 # - added more NotFound info
1790 #
1791 # Revision 1.121 2002/05/21 06:08:10 richard
1792 # Handle migration
1793 #
1794 # Revision 1.120 2002/05/21 06:05:53 richard
1795 # . #551483 ] assignedto in Client.make_index_link
1796 #
1797 # Revision 1.119 2002/05/15 06:21:21 richard
1798 # . node caching now works, and gives a small boost in performance
1799 #
1800 # As a part of this, I cleaned up the DEBUG output and implemented TRACE
1801 # output (HYPERDBTRACE='file to trace to') with checkpoints at the start of
1802 # CGI requests. Run roundup with python -O to skip all the DEBUG/TRACE stuff
1803 # (using if __debug__ which is compiled out with -O)
1804 #
1805 # Revision 1.118 2002/05/12 23:46:33 richard
1806 # ehem, part 2
1807 #
1808 # Revision 1.117 2002/05/12 23:42:29 richard
1809 # ehem
1810 #
1811 # Revision 1.116 2002/05/02 08:07:49 richard
1812 # Added the ADD_AUTHOR_TO_NOSY handling to the CGI interface.
1813 #
1814 # Revision 1.115 2002/04/02 01:56:10 richard
1815 # . stop sending blank (whitespace-only) notes
1816 #
1817 # Revision 1.114.2.4 2002/05/02 11:49:18 rochecompaan
1818 # Allow customization of the search filters that should be displayed
1819 # on the search page.
1820 #
1821 # Revision 1.114.2.3 2002/04/20 13:23:31 rochecompaan
1822 # We now have a separate search page for nodes. Search links for
1823 # different classes can be customized in instance_config similar to
1824 # index links.
1825 #
1826 # Revision 1.114.2.2 2002/04/19 19:54:42 rochecompaan
1827 # cgi_client.py
1828 # removed search link for the time being
1829 # moved rendering of matches to htmltemplate
1830 # hyperdb.py
1831 # filtering of nodes on full text search incorporated in filter method
1832 # roundupdb.py
1833 # added paramater to call of filter method
1834 # roundup_indexer.py
1835 # added search method to RoundupIndexer class
1836 #
1837 # Revision 1.114.2.1 2002/04/03 11:55:57 rochecompaan
1838 # . Added feature #526730 - search for messages capability
1839 #
1840 # Revision 1.114 2002/03/17 23:06:05 richard
1841 # oops
1842 #
1843 # Revision 1.113 2002/03/14 23:59:24 richard
1844 # . #517734 ] web header customisation is obscure
1845 #
1846 # Revision 1.112 2002/03/12 22:52:26 richard
1847 # more pychecker warnings removed
1848 #
1849 # Revision 1.111 2002/02/25 04:32:21 richard
1850 # ahem
1851 #
1852 # Revision 1.110 2002/02/21 07:19:08 richard
1853 # ... and label, width and height control for extra flavour!
1854 #
1855 # Revision 1.109 2002/02/21 07:08:19 richard
1856 # oops
1857 #
1858 # Revision 1.108 2002/02/21 07:02:54 richard
1859 # The correct var is "HTTP_HOST"
1860 #
1861 # Revision 1.107 2002/02/21 06:57:38 richard
1862 # . Added popup help for classes using the classhelp html template function.
1863 # - add <display call="classhelp('priority', 'id,name,description')">
1864 # to an item page, and it generates a link to a popup window which displays
1865 # the id, name and description for the priority class. The description
1866 # field won't exist in most installations, but it will be added to the
1867 # default templates.
1868 #
1869 # Revision 1.106 2002/02/21 06:23:00 richard
1870 # *** empty log message ***
1871 #
1872 # Revision 1.105 2002/02/20 05:52:10 richard
1873 # better error handling
1874 #
1875 # Revision 1.104 2002/02/20 05:45:17 richard
1876 # Use the csv module for generating the form entry so it's correct.
1877 # [also noted the sf.net feature request id in the change log]
1878 #
1879 # Revision 1.103 2002/02/20 05:05:28 richard
1880 # . Added simple editing for classes that don't define a templated interface.
1881 # - access using the admin "class list" interface
1882 # - limited to admin-only
1883 # - requires the csv module from object-craft (url given if it's missing)
1884 #
1885 # Revision 1.102 2002/02/15 07:08:44 richard
1886 # . Alternate email addresses are now available for users. See the MIGRATION
1887 # file for info on how to activate the feature.
1888 #
1889 # Revision 1.101 2002/02/14 23:39:18 richard
1890 # . All forms now have "double-submit" protection when Javascript is enabled
1891 # on the client-side.
1892 #
1893 # Revision 1.100 2002/01/16 07:02:57 richard
1894 # . lots of date/interval related changes:
1895 # - more relaxed date format for input
1896 #
1897 # Revision 1.99 2002/01/16 03:02:42 richard
1898 # #503793 ] changing assignedto resets nosy list
1899 #
1900 # Revision 1.98 2002/01/14 02:20:14 richard
1901 # . changed all config accesses so they access either the instance or the
1902 # config attriubute on the db. This means that all config is obtained from
1903 # instance_config instead of the mish-mash of classes. This will make
1904 # switching to a ConfigParser setup easier too, I hope.
1905 #
1906 # At a minimum, this makes migration a _little_ easier (a lot easier in the
1907 # 0.5.0 switch, I hope!)
1908 #
1909 # Revision 1.97 2002/01/11 23:22:29 richard
1910 # . #502437 ] rogue reactor and unittest
1911 # in short, the nosy reactor was modifying the nosy list. That code had
1912 # been there for a long time, and I suspsect it was there because we
1913 # weren't generating the nosy list correctly in other places of the code.
1914 # We're now doing that, so the nosy-modifying code can go away from the
1915 # nosy reactor.
1916 #
1917 # Revision 1.96 2002/01/10 05:26:10 richard
1918 # missed a parsePropsFromForm in last update
1919 #
1920 # Revision 1.95 2002/01/10 03:39:45 richard
1921 # . fixed some problems with web editing and change detection
1922 #
1923 # Revision 1.94 2002/01/09 13:54:21 grubert
1924 # _add_assignedto_to_nosy did set nosy to assignedto only, no adding.
1925 #
1926 # Revision 1.93 2002/01/08 11:57:12 richard
1927 # crying out for real configuration handling... :(
1928 #
1929 # Revision 1.92 2002/01/08 04:12:05 richard
1930 # Changed message-id format to "<%s.%s.%s%s@%s>" so it complies with RFC822
1931 #
1932 # Revision 1.91 2002/01/08 04:03:47 richard
1933 # I mucked the intent of the code up.
1934 #
1935 # Revision 1.90 2002/01/08 03:56:55 richard
1936 # Oops, missed this before the beta:
1937 # . #495392 ] empty nosy -patch
1938 #
1939 # Revision 1.89 2002/01/07 20:24:45 richard
1940 # *mutter* stupid cutnpaste
1941 #
1942 # Revision 1.88 2002/01/02 02:31:38 richard
1943 # Sorry for the huge checkin message - I was only intending to implement #496356
1944 # but I found a number of places where things had been broken by transactions:
1945 # . modified ROUNDUPDBSENDMAILDEBUG to be SENDMAILDEBUG and hold a filename
1946 # for _all_ roundup-generated smtp messages to be sent to.
1947 # . the transaction cache had broken the roundupdb.Class set() reactors
1948 # . newly-created author users in the mailgw weren't being committed to the db
1949 #
1950 # Stuff that made it into CHANGES.txt (ie. the stuff I was actually working
1951 # on when I found that stuff :):
1952 # . #496356 ] Use threading in messages
1953 # . detectors were being registered multiple times
1954 # . added tests for mailgw
1955 # . much better attaching of erroneous messages in the mail gateway
1956 #
1957 # Revision 1.87 2001/12/23 23:18:49 richard
1958 # We already had an admin-specific section of the web heading, no need to add
1959 # another one :)
1960 #
1961 # Revision 1.86 2001/12/20 15:43:01 rochecompaan
1962 # Features added:
1963 # . Multilink properties are now displayed as comma separated values in
1964 # a textbox
1965 # . The add user link is now only visible to the admin user
1966 # . Modified the mail gateway to reject submissions from unknown
1967 # addresses if ANONYMOUS_ACCESS is denied
1968 #
1969 # Revision 1.85 2001/12/20 06:13:24 rochecompaan
1970 # Bugs fixed:
1971 # . Exception handling in hyperdb for strings-that-look-like numbers got
1972 # lost somewhere
1973 # . Internet Explorer submits full path for filename - we now strip away
1974 # the path
1975 # Features added:
1976 # . Link and multilink properties are now displayed sorted in the cgi
1977 # interface
1978 #
1979 # Revision 1.84 2001/12/18 15:30:30 rochecompaan
1980 # Fixed bugs:
1981 # . Fixed file creation and retrieval in same transaction in anydbm
1982 # backend
1983 # . Cgi interface now renders new issue after issue creation
1984 # . Could not set issue status to resolved through cgi interface
1985 # . Mail gateway was changing status back to 'chatting' if status was
1986 # omitted as an argument
1987 #
1988 # Revision 1.83 2001/12/15 23:51:01 richard
1989 # Tested the changes and fixed a few problems:
1990 # . files are now attached to the issue as well as the message
1991 # . newuser is a real method now since we don't want to do the message/file
1992 # stuff for it
1993 # . added some documentation
1994 # The really big changes in the diff are a result of me moving some code
1995 # around to keep like methods together a bit better.
1996 #
1997 # Revision 1.82 2001/12/15 19:24:39 rochecompaan
1998 # . Modified cgi interface to change properties only once all changes are
1999 # collected, files created and messages generated.
2000 # . Moved generation of change note to nosyreactors.
2001 # . We now check for changes to "assignedto" to ensure it's added to the
2002 # nosy list.
2003 #
2004 # Revision 1.81 2001/12/12 23:55:00 richard
2005 # Fixed some problems with user editing
2006 #
2007 # Revision 1.80 2001/12/12 23:27:14 richard
2008 # Added a Zope frontend for roundup.
2009 #
2010 # Revision 1.79 2001/12/10 22:20:01 richard
2011 # Enabled transaction support in the bsddb backend. It uses the anydbm code
2012 # where possible, only replacing methods where the db is opened (it uses the
2013 # btree opener specifically.)
2014 # Also cleaned up some change note generation.
2015 # Made the backends package work with pydoc too.
2016 #
2017 # Revision 1.78 2001/12/07 05:59:27 rochecompaan
2018 # Fixed small bug that prevented adding issues through the web.
2019 #
2020 # Revision 1.77 2001/12/06 22:48:29 richard
2021 # files multilink was being nuked in post_edit_node
2022 #
2023 # Revision 1.76 2001/12/05 14:26:44 rochecompaan
2024 # Removed generation of change note from "sendmessage" in roundupdb.py.
2025 # The change note is now generated when the message is created.
2026 #
2027 # Revision 1.75 2001/12/04 01:25:08 richard
2028 # Added some rollbacks where we were catching exceptions that would otherwise
2029 # have stopped committing.
2030 #
2031 # Revision 1.74 2001/12/02 05:06:16 richard
2032 # . We now use weakrefs in the Classes to keep the database reference, so
2033 # the close() method on the database is no longer needed.
2034 # I bumped the minimum python requirement up to 2.1 accordingly.
2035 # . #487480 ] roundup-server
2036 # . #487476 ] INSTALL.txt
2037 #
2038 # I also cleaned up the change message / post-edit stuff in the cgi client.
2039 # There's now a clearly marked "TODO: append the change note" where I believe
2040 # the change note should be added there. The "changes" list will obviously
2041 # have to be modified to be a dict of the changes, or somesuch.
2042 #
2043 # More testing needed.
2044 #
2045 # Revision 1.73 2001/12/01 07:17:50 richard
2046 # . We now have basic transaction support! Information is only written to
2047 # the database when the commit() method is called. Only the anydbm
2048 # backend is modified in this way - neither of the bsddb backends have been.
2049 # The mail, admin and cgi interfaces all use commit (except the admin tool
2050 # doesn't have a commit command, so interactive users can't commit...)
2051 # . Fixed login/registration forwarding the user to the right page (or not,
2052 # on a failure)
2053 #
2054 # Revision 1.72 2001/11/30 20:47:58 rochecompaan
2055 # Links in page header are now consistent with default sort order.
2056 #
2057 # Fixed bugs:
2058 # - When login failed the list of issues were still rendered.
2059 # - User was redirected to index page and not to his destination url
2060 # if his first login attempt failed.
2061 #
2062 # Revision 1.71 2001/11/30 20:28:10 rochecompaan
2063 # Property changes are now completely traceable, whether changes are
2064 # made through the web or by email
2065 #
2066 # Revision 1.70 2001/11/30 00:06:29 richard
2067 # Converted roundup/cgi_client.py to use _()
2068 # Added the status file, I18N_PROGRESS.txt
2069 #
2070 # Revision 1.69 2001/11/29 23:19:51 richard
2071 # Removed the "This issue has been edited through the web" when a valid
2072 # change note is supplied.
2073 #
2074 # Revision 1.68 2001/11/29 04:57:23 richard
2075 # a little comment
2076 #
2077 # Revision 1.67 2001/11/28 21:55:35 richard
2078 # . login_action and newuser_action return values were being ignored
2079 # . Woohoo! Found that bloody re-login bug that was killing the mail
2080 # gateway.
2081 # (also a minor cleanup in hyperdb)
2082 #
2083 # Revision 1.66 2001/11/27 03:00:50 richard
2084 # couple of bugfixes from latest patch integration
2085 #
2086 # Revision 1.65 2001/11/26 23:00:53 richard
2087 # This config stuff is getting to be a real mess...
2088 #
2089 # Revision 1.64 2001/11/26 22:56:35 richard
2090 # typo
2091 #
2092 # Revision 1.63 2001/11/26 22:55:56 richard
2093 # Feature:
2094 # . Added INSTANCE_NAME to configuration - used in web and email to identify
2095 # the instance.
2096 # . Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
2097 # signature info in e-mails.
2098 # . Some more flexibility in the mail gateway and more error handling.
2099 # . Login now takes you to the page you back to the were denied access to.
2100 #
2101 # Fixed:
2102 # . Lots of bugs, thanks Roché and others on the devel mailing list!
2103 #
2104 # Revision 1.62 2001/11/24 00:45:42 jhermann
2105 # typeof() instead of type(): avoid clash with database field(?) "type"
2106 #
2107 # Fixes this traceback:
2108 #
2109 # Traceback (most recent call last):
2110 # File "roundup\cgi_client.py", line 535, in newnode
2111 # self._post_editnode(nid)
2112 # File "roundup\cgi_client.py", line 415, in _post_editnode
2113 # if type(value) != type([]): value = [value]
2114 # UnboundLocalError: local variable 'type' referenced before assignment
2115 #
2116 # Revision 1.61 2001/11/22 15:46:42 jhermann
2117 # Added module docstrings to all modules.
2118 #
2119 # Revision 1.60 2001/11/21 22:57:28 jhermann
2120 # Added dummy hooks for I18N and some preliminary (test) markup of
2121 # translatable messages
2122 #
2123 # Revision 1.59 2001/11/21 03:21:13 richard
2124 # oops
2125 #
2126 # Revision 1.58 2001/11/21 03:11:28 richard
2127 # Better handling of new properties.
2128 #
2129 # Revision 1.57 2001/11/15 10:24:27 richard
2130 # handle the case where there is no file attached
2131 #
2132 # Revision 1.56 2001/11/14 21:35:21 richard
2133 # . users may attach files to issues (and support in ext) through the web now
2134 #
2135 # Revision 1.55 2001/11/07 02:34:06 jhermann
2136 # Handling of damaged login cookies
2137 #
2138 # Revision 1.54 2001/11/07 01:16:12 richard
2139 # Remove the '=' padding from cookie value so quoting isn't an issue.
2140 #
2141 # Revision 1.53 2001/11/06 23:22:05 jhermann
2142 # More IE fixes: it does not like quotes around cookie values; in the
2143 # hope this does not break anything for other browser; if it does, we
2144 # need to check HTTP_USER_AGENT
2145 #
2146 # Revision 1.52 2001/11/06 23:11:22 jhermann
2147 # Fixed debug output in page footer; added expiry date to the login cookie
2148 # (expires 1 year in the future) to prevent probs with certain versions
2149 # of IE
2150 #
2151 # Revision 1.51 2001/11/06 22:00:34 jhermann
2152 # Get debug level from ROUNDUP_DEBUG env var
2153 #
2154 # Revision 1.50 2001/11/05 23:45:40 richard
2155 # Fixed newuser_action so it sets the cookie with the unencrypted password.
2156 # Also made it present nicer error messages (not tracebacks).
2157 #
2158 # Revision 1.49 2001/11/04 03:07:12 richard
2159 # Fixed various cookie-related bugs:
2160 # . bug #477685 ] base64.decodestring breaks
2161 # . bug #477837 ] lynx does not like the cookie
2162 # . bug #477892 ] Password edit doesn't fix login cookie
2163 # Also closed a security hole - a logged-in user could edit another user's
2164 # details.
2165 #
2166 # Revision 1.48 2001/11/03 01:30:18 richard
2167 # Oops. uses pagefoot now.
2168 #
2169 # Revision 1.47 2001/11/03 01:29:28 richard
2170 # Login page didn't have all close tags.
2171 #
2172 # Revision 1.46 2001/11/03 01:26:55 richard
2173 # possibly fix truncated base64'ed user:pass
2174 #
2175 # Revision 1.45 2001/11/01 22:04:37 richard
2176 # Started work on supporting a pop3-fetching server
2177 # Fixed bugs:
2178 # . bug #477104 ] HTML tag error in roundup-server
2179 # . bug #477107 ] HTTP header problem
2180 #
2181 # Revision 1.44 2001/10/28 23:03:08 richard
2182 # Added more useful header to the classic schema.
2183 #
2184 # Revision 1.43 2001/10/24 00:01:42 richard
2185 # More fixes to lockout logic.
2186 #
2187 # Revision 1.42 2001/10/23 23:56:03 richard
2188 # HTML typo
2189 #
2190 # Revision 1.41 2001/10/23 23:52:35 richard
2191 # Fixed lock-out logic, thanks Roch'e for pointing out the problems.
2192 #
2193 # Revision 1.40 2001/10/23 23:06:39 richard
2194 # Some cleanup.
2195 #
2196 # Revision 1.39 2001/10/23 01:00:18 richard
2197 # Re-enabled login and registration access after lopping them off via
2198 # disabling access for anonymous users.
2199 # Major re-org of the htmltemplate code, cleaning it up significantly. Fixed
2200 # a couple of bugs while I was there. Probably introduced a couple, but
2201 # things seem to work OK at the moment.
2202 #
2203 # Revision 1.38 2001/10/22 03:25:01 richard
2204 # Added configuration for:
2205 # . anonymous user access and registration (deny/allow)
2206 # . filter "widget" location on index page (top, bottom, both)
2207 # Updated some documentation.
2208 #
2209 # Revision 1.37 2001/10/21 07:26:35 richard
2210 # feature #473127: Filenames. I modified the file.index and htmltemplate
2211 # source so that the filename is used in the link and the creation
2212 # information is displayed.
2213 #
2214 # Revision 1.36 2001/10/21 04:44:50 richard
2215 # bug #473124: UI inconsistency with Link fields.
2216 # This also prompted me to fix a fairly long-standing usability issue -
2217 # that of being able to turn off certain filters.
2218 #
2219 # Revision 1.35 2001/10/21 00:17:54 richard
2220 # CGI interface view customisation section may now be hidden (patch from
2221 # Roch'e Compaan.)
2222 #
2223 # Revision 1.34 2001/10/20 11:58:48 richard
2224 # Catch errors in login - no username or password supplied.
2225 # Fixed editing of password (Password property type) thanks Roch'e Compaan.
2226 #
2227 # Revision 1.33 2001/10/17 00:18:41 richard
2228 # Manually constructing cookie headers now.
2229 #
2230 # Revision 1.32 2001/10/16 03:36:21 richard
2231 # CGI interface wasn't handling checkboxes at all.
2232 #
2233 # Revision 1.31 2001/10/14 10:55:00 richard
2234 # Handle empty strings in HTML template Link function
2235 #
2236 # Revision 1.30 2001/10/09 07:38:58 richard
2237 # Pushed the base code for the extended schema CGI interface back into the
2238 # code cgi_client module so that future updates will be less painful.
2239 # Also removed a debugging print statement from cgi_client.
2240 #
2241 # Revision 1.29 2001/10/09 07:25:59 richard
2242 # Added the Password property type. See "pydoc roundup.password" for
2243 # implementation details. Have updated some of the documentation too.
2244 #
2245 # Revision 1.28 2001/10/08 00:34:31 richard
2246 # Change message was stuffing up for multilinks with no key property.
2247 #
2248 # Revision 1.27 2001/10/05 02:23:24 richard
2249 # . roundup-admin create now prompts for property info if none is supplied
2250 # on the command-line.
2251 # . hyperdb Class getprops() method may now return only the mutable
2252 # properties.
2253 # . Login now uses cookies, which makes it a whole lot more flexible. We can
2254 # now support anonymous user access (read-only, unless there's an
2255 # "anonymous" user, in which case write access is permitted). Login
2256 # handling has been moved into cgi_client.Client.main()
2257 # . The "extended" schema is now the default in roundup init.
2258 # . The schemas have had their page headings modified to cope with the new
2259 # login handling. Existing installations should copy the interfaces.py
2260 # file from the roundup lib directory to their instance home.
2261 # . Incorrectly had a Bizar Software copyright on the cgitb.py module from
2262 # Ping - has been removed.
2263 # . Fixed a whole bunch of places in the CGI interface where we should have
2264 # been returning Not Found instead of throwing an exception.
2265 # . Fixed a deviation from the spec: trying to modify the 'id' property of
2266 # an item now throws an exception.
2267 #
2268 # Revision 1.26 2001/09/12 08:31:42 richard
2269 # handle cases where mime type is not guessable
2270 #
2271 # Revision 1.25 2001/08/29 05:30:49 richard
2272 # change messages weren't being saved when there was no-one on the nosy list.
2273 #
2274 # Revision 1.24 2001/08/29 04:49:39 richard
2275 # didn't clean up fully after debugging :(
2276 #
2277 # Revision 1.23 2001/08/29 04:47:18 richard
2278 # Fixed CGI client change messages so they actually include the properties
2279 # changed (again).
2280 #
2281 # Revision 1.22 2001/08/17 00:08:10 richard
2282 # reverted back to sending messages always regardless of who is doing the web
2283 # edit. change notes weren't being saved. bleah. hackish.
2284 #
2285 # Revision 1.21 2001/08/15 23:43:18 richard
2286 # Fixed some isFooTypes that I missed.
2287 # Refactored some code in the CGI code.
2288 #
2289 # Revision 1.20 2001/08/12 06:32:36 richard
2290 # using isinstance(blah, Foo) now instead of isFooType
2291 #
2292 # Revision 1.19 2001/08/07 00:24:42 richard
2293 # stupid typo
2294 #
2295 # Revision 1.18 2001/08/07 00:15:51 richard
2296 # Added the copyright/license notice to (nearly) all files at request of
2297 # Bizar Software.
2298 #
2299 # Revision 1.17 2001/08/02 06:38:17 richard
2300 # Roundupdb now appends "mailing list" information to its messages which
2301 # include the e-mail address and web interface address. Templates may
2302 # override this in their db classes to include specific information (support
2303 # instructions, etc).
2304 #
2305 # Revision 1.16 2001/08/02 05:55:25 richard
2306 # Web edit messages aren't sent to the person who did the edit any more. No
2307 # message is generated if they are the only person on the nosy list.
2308 #
2309 # Revision 1.15 2001/08/02 00:34:10 richard
2310 # bleah syntax error
2311 #
2312 # Revision 1.14 2001/08/02 00:26:16 richard
2313 # Changed the order of the information in the message generated by web edits.
2314 #
2315 # Revision 1.13 2001/07/30 08:12:17 richard
2316 # Added time logging and file uploading to the templates.
2317 #
2318 # Revision 1.12 2001/07/30 06:26:31 richard
2319 # Added some documentation on how the newblah works.
2320 #
2321 # Revision 1.11 2001/07/30 06:17:45 richard
2322 # Features:
2323 # . Added ability for cgi newblah forms to indicate that the new node
2324 # should be linked somewhere.
2325 # Fixed:
2326 # . Fixed the agument handling for the roundup-admin find command.
2327 # . Fixed handling of summary when no note supplied for newblah. Again.
2328 # . Fixed detection of no form in htmltemplate Field display.
2329 #
2330 # Revision 1.10 2001/07/30 02:37:34 richard
2331 # Temporary measure until we have decent schema migration...
2332 #
2333 # Revision 1.9 2001/07/30 01:25:07 richard
2334 # Default implementation is now "classic" rather than "extended" as one would
2335 # expect.
2336 #
2337 # Revision 1.8 2001/07/29 08:27:40 richard
2338 # Fixed handling of passed-in values in form elements (ie. during a
2339 # drill-down)
2340 #
2341 # Revision 1.7 2001/07/29 07:01:39 richard
2342 # Added vim command to all source so that we don't get no steenkin' tabs :)
2343 #
2344 # Revision 1.6 2001/07/29 04:04:00 richard
2345 # Moved some code around allowing for subclassing to change behaviour.
2346 #
2347 # Revision 1.5 2001/07/28 08:16:52 richard
2348 # New issue form handles lack of note better now.
2349 #
2350 # Revision 1.4 2001/07/28 00:34:34 richard
2351 # Fixed some non-string node ids.
2352 #
2353 # Revision 1.3 2001/07/23 03:56:30 richard
2354 # oops, missed a config removal
2355 #
2356 # Revision 1.2 2001/07/22 12:09:32 richard
2357 # Final commit of Grande Splite
2358 #
2359 # Revision 1.1 2001/07/22 11:58:35 richard
2360 # More Grande Splite
2361 #
2362 #
2363 # vim: set filetype=python ts=4 sw=4 et si