![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 #
2 # Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
3 # This module is free software, and you may redistribute it and/or modify
4 # under the same terms as Python, so long as this copyright message and
5 # disclaimer are retained in their original form.
6 #
7 # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
8 # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
9 # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
10 # POSSIBILITY OF SUCH DAMAGE.
11 #
12 # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
13 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14 # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
15 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
16 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
17 #
18 # $Id: cgi_client.py,v 1.118 2002-05-12 23:46:33 richard Exp $
20 __doc__ = """
21 WWW request handler (also used in the stand-alone server).
22 """
24 import os, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
25 import binascii, Cookie, time, random
27 import roundupdb, htmltemplate, date, hyperdb, password
28 from roundup.i18n import _
30 class Unauthorised(ValueError):
31 pass
33 class NotFound(ValueError):
34 pass
36 class Client:
37 '''
38 A note about login
39 ------------------
41 If the user has no login cookie, then they are anonymous. There
42 are two levels of anonymous use. If there is no 'anonymous' user, there
43 is no login at all and the database is opened in read-only mode. If the
44 'anonymous' user exists, the user is logged in using that user (though
45 there is no cookie). This allows them to modify the database, and all
46 modifications are attributed to the 'anonymous' user.
47 '''
49 def __init__(self, instance, request, env, form=None):
50 self.instance = instance
51 self.request = request
52 self.env = env
53 self.path = env['PATH_INFO']
54 self.split_path = self.path.split('/')
55 self.instance_path_name = env['INSTANCE_NAME']
56 url = self.env['SCRIPT_NAME'] + '/'
57 machine = self.env['SERVER_NAME']
58 port = self.env['SERVER_PORT']
59 if port != '80': machine = machine + ':' + port
60 self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
61 None, None, None))
63 if form is None:
64 self.form = cgi.FieldStorage(environ=env)
65 else:
66 self.form = form
67 self.headers_done = 0
68 try:
69 self.debug = int(env.get("ROUNDUP_DEBUG", 0))
70 except ValueError:
71 # someone gave us a non-int debug level, turn it off
72 self.debug = 0
74 def getuid(self):
75 return self.db.user.lookup(self.user)
77 def header(self, headers=None):
78 '''Put up the appropriate header.
79 '''
80 if headers is None:
81 headers = {'Content-Type':'text/html'}
82 if not headers.has_key('Content-Type'):
83 headers['Content-Type'] = 'text/html'
84 self.request.send_response(200)
85 for entry in headers.items():
86 self.request.send_header(*entry)
87 self.request.end_headers()
88 self.headers_done = 1
89 if self.debug:
90 self.headers_sent = headers
92 global_javascript = '''
93 <script language="javascript">
94 submitted = false;
95 function submit_once() {
96 if (submitted) {
97 alert("Your request is being processed.\\nPlease be patient.");
98 return 0;
99 }
100 submitted = true;
101 return 1;
102 }
104 function help_window(helpurl, width, height) {
105 HelpWin = window.open('%(base)s%(instance_path_name)s/' + helpurl, 'HelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width);
106 }
108 </script>
109 '''
110 def make_index_link(self, name):
111 '''Turn a configuration entry into a hyperlink...
112 '''
113 # get the link label and spec
114 spec = getattr(self.instance, name+'_INDEX')
116 d = {}
117 d[':sort'] = ','.join(map(urllib.quote, spec['SORT']))
118 d[':group'] = ','.join(map(urllib.quote, spec['GROUP']))
119 d[':filter'] = ','.join(map(urllib.quote, spec['FILTER']))
120 d[':columns'] = ','.join(map(urllib.quote, spec['COLUMNS']))
122 # snarf the filterspec
123 filterspec = spec['FILTERSPEC'].copy()
125 # now format the filterspec
126 for k, l in filterspec.items():
127 # fix up the assignedto if needed
128 if k == 'assignedto' and l is None:
129 l = [self.db.user.lookup(self.user)]
131 # add
132 d[urllib.quote(k)] = ','.join(map(urllib.quote, l))
134 # finally, format the URL
135 return '<a href="%s?%s">%s</a>'%(spec['CLASS'],
136 '&'.join([k+'='+v for k,v in d.items()]), spec['LABEL'])
139 def pagehead(self, title, message=None):
140 '''Display the page heading, with information about the tracker and
141 links to more information
142 '''
144 # include any important message
145 if message is not None:
146 message = _('<div class="system-msg">%(message)s</div>')%locals()
147 else:
148 message = ''
150 # style sheet (CSS)
151 style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
153 # figure who the user is
154 user_name = self.user or ''
155 if user_name not in ('', 'anonymous'):
156 userid = self.db.user.lookup(self.user)
157 else:
158 userid = None
160 # figure all the header links
161 if hasattr(self.instance, 'HEADER_INDEX_LINKS'):
162 links = []
163 for name in self.instance.HEADER_INDEX_LINKS:
164 spec = getattr(self.instance, name + '_INDEX')
165 # skip if we need to fill in the logged-in user id there's
166 # no user logged in
167 if (spec['FILTERSPEC'].has_key('assignedto') and
168 spec['FILTERSPEC']['assignedto'] is None and
169 userid is None):
170 continue
171 links.append(self.make_index_link(name))
172 else:
173 # no config spec - hard-code
174 links = [
175 _('All <a href="issue?status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>'),
176 _('Unassigned <a href="issue?assignedto=-1&status=-1,unread,deferred,chatting,need-eg,in-progress,testing,done-cbb&:sort=-activity&:filter=status,assignedto&:columns=id,activity,status,title,assignedto&:group=priority&show_customization=1">Issues</a>')
177 ]
179 # if they're logged in, include links to their information, and the
180 # ability to add an issue
181 if user_name not in ('', 'anonymous'):
182 user_info = _('''
183 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
184 ''')%locals()
186 # figure the "add class" links
187 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
188 classes = self.instance.HEADER_ADD_LINKS
189 else:
190 classes = ['issue']
191 l = []
192 for class_name in classes:
193 cap_class = class_name.capitalize()
194 links.append(_('Add <a href="new%(class_name)s">'
195 '%(cap_class)s</a>')%locals())
197 # if there's no config header link spec, force a user link here
198 if not hasattr(self.instance, 'HEADER_INDEX_LINKS'):
199 links.append(_('<a href="issue?assignedto=%(userid)s&status=-1,unread,chatting,open,pending&:filter=status,resolution,assignedto&:sort=-activity&:columns=id,activity,status,resolution,title,creator&:group=type&show_customization=1">My Issues</a>')%locals())
200 else:
201 user_info = _('<a href="login">Login</a>')
202 add_links = ''
204 # if the user is admin, include admin links
205 admin_links = ''
206 if user_name == 'admin':
207 links.append(_('<a href="list_classes">Class List</a>'))
208 links.append(_('<a href="user">User List</a>'))
209 links.append(_('<a href="newuser">Add User</a>'))
211 # now we have all the links, join 'em
212 links = '\n | '.join(links)
214 # include the javascript bit
215 global_javascript = self.global_javascript%self.__dict__
217 # finally, format the header
218 self.write(_('''<html><head>
219 <title>%(title)s</title>
220 <style type="text/css">%(style)s</style>
221 </head>
222 %(global_javascript)s
223 <body bgcolor=#ffffff>
224 %(message)s
225 <table width=100%% border=0 cellspacing=0 cellpadding=2>
226 <tr class="location-bar"><td><big><strong>%(title)s</strong></big></td>
227 <td align=right valign=bottom>%(user_name)s</td></tr>
228 <tr class="location-bar">
229 <td align=left>%(links)s</td>
230 <td align=right>%(user_info)s</td>
231 </table>
232 ''')%locals())
234 def pagefoot(self):
235 if self.debug:
236 self.write(_('<hr><small><dl><dt><b>Path</b></dt>'))
237 self.write('<dd>%s</dd>'%(', '.join(map(repr, self.split_path))))
238 keys = self.form.keys()
239 keys.sort()
240 if keys:
241 self.write(_('<dt><b>Form entries</b></dt>'))
242 for k in self.form.keys():
243 v = self.form.getvalue(k, "<empty>")
244 if type(v) is type([]):
245 # Multiple username fields specified
246 v = "|".join(v)
247 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
248 keys = self.headers_sent.keys()
249 keys.sort()
250 self.write(_('<dt><b>Sent these HTTP headers</b></dt>'))
251 for k in keys:
252 v = self.headers_sent[k]
253 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
254 keys = self.env.keys()
255 keys.sort()
256 self.write(_('<dt><b>CGI environment</b></dt>'))
257 for k in keys:
258 v = self.env[k]
259 self.write('<dd><em>%s</em>=%s</dd>'%(k, cgi.escape(v)))
260 self.write('</dl></small>')
261 self.write('</body></html>')
263 def write(self, content):
264 if not self.headers_done:
265 self.header()
266 self.request.wfile.write(content)
268 def index_arg(self, arg):
269 ''' handle the args to index - they might be a list from the form
270 (ie. submitted from a form) or they might be a command-separated
271 single string (ie. manually constructed GET args)
272 '''
273 if self.form.has_key(arg):
274 arg = self.form[arg]
275 if type(arg) == type([]):
276 return [arg.value for arg in arg]
277 return arg.value.split(',')
278 return []
280 def index_filterspec(self, filter):
281 ''' pull the index filter spec from the form
283 Links and multilinks want to be lists - the rest are straight
284 strings.
285 '''
286 props = self.db.classes[self.classname].getprops()
287 # all the form args not starting with ':' are filters
288 filterspec = {}
289 for key in self.form.keys():
290 if key[0] == ':': continue
291 if not props.has_key(key): continue
292 if key not in filter: continue
293 prop = props[key]
294 value = self.form[key]
295 if (isinstance(prop, hyperdb.Link) or
296 isinstance(prop, hyperdb.Multilink)):
297 if type(value) == type([]):
298 value = [arg.value for arg in value]
299 else:
300 value = value.value.split(',')
301 l = filterspec.get(key, [])
302 l = l + value
303 filterspec[key] = l
304 else:
305 filterspec[key] = value.value
306 return filterspec
308 def customization_widget(self):
309 ''' The customization widget is visible by default. The widget
310 visibility is remembered by show_customization. Visibility
311 is not toggled if the action value is "Redisplay"
312 '''
313 if not self.form.has_key('show_customization'):
314 visible = 1
315 else:
316 visible = int(self.form['show_customization'].value)
317 if self.form.has_key('action'):
318 if self.form['action'].value != 'Redisplay':
319 visible = self.form['action'].value == '+'
321 return visible
323 # TODO: make this go away some day...
324 default_index_sort = ['-activity']
325 default_index_group = ['priority']
326 default_index_filter = ['status']
327 default_index_columns = ['id','activity','title','status','assignedto']
328 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
330 def index(self):
331 ''' put up an index - no class specified
332 '''
333 # see if the web has supplied us with any customisation info
334 defaults = 1
335 for key in ':sort', ':group', ':filter', ':columns':
336 if self.form.has_key(key):
337 defaults = 0
338 break
339 if defaults:
340 # try the instance config first
341 if hasattr(self.instance, 'DEFAULT_INDEX'):
342 d = self.instance.DEFAULT_INDEX
343 self.classname = d['CLASS']
344 sort = d['SORT']
345 group = d['GROUP']
346 filter = d['FILTER']
347 columns = d['COLUMNS']
348 filterspec = d['FILTERSPEC']
350 else:
351 # nope - fall back on the old way of doing it
352 self.classname = 'issue'
353 sort = self.default_index_sort
354 group = self.default_index_group
355 filter = self.default_index_filter
356 columns = self.default_index_columns
357 filterspec = self.default_index_filterspec
358 else:
359 # make list() extract the info from the CGI environ
360 self.classname = 'issue'
361 sort = group = filter = columns = filterspec = None
362 return self.list(columns=columns, filter=filter, group=group,
363 sort=sort, filterspec=filterspec)
365 # XXX deviates from spec - loses the '+' (that's a reserved character
366 # in URLS
367 def list(self, sort=None, group=None, filter=None, columns=None,
368 filterspec=None, show_customization=None):
369 ''' call the template index with the args
371 :sort - sort by prop name, optionally preceeded with '-'
372 to give descending or nothing for ascending sorting.
373 :group - group by prop name, optionally preceeded with '-' or
374 to sort in descending or nothing for ascending order.
375 :filter - selects which props should be displayed in the filter
376 section. Default is all.
377 :columns - selects the columns that should be displayed.
378 Default is all.
380 '''
381 cn = self.classname
382 cl = self.db.classes[cn]
383 self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
384 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
385 if sort is None: sort = self.index_arg(':sort')
386 if group is None: group = self.index_arg(':group')
387 if filter is None: filter = self.index_arg(':filter')
388 if columns is None: columns = self.index_arg(':columns')
389 if filterspec is None: filterspec = self.index_filterspec(filter)
390 if show_customization is None:
391 show_customization = self.customization_widget()
393 index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
394 try:
395 index.render(filterspec, filter, columns, sort, group,
396 show_customization=show_customization)
397 except htmltemplate.MissingTemplateError:
398 self.basicClassEditPage()
399 self.pagefoot()
401 def basicClassEditPage(self):
402 '''Display a basic edit page that allows simple editing of the
403 nodes of the current class
404 '''
405 if self.user != 'admin':
406 raise Unauthorised
407 w = self.write
408 cn = self.classname
409 cl = self.db.classes[cn]
410 idlessprops = cl.getprops(protected=0).keys()
411 props = ['id'] + idlessprops
414 # get the CSV module
415 try:
416 import csv
417 except ImportError:
418 w(_('Sorry, you need the csv module to use this function.<br>\n'
419 'Get it from: <a href="http://www.object-craft.com.au/projects/csv/">http://www.object-craft.com.au/projects/csv/'))
420 return
422 # do the edit
423 if self.form.has_key('rows'):
424 rows = self.form['rows'].value.splitlines()
425 p = csv.parser()
426 found = {}
427 line = 0
428 for row in rows:
429 line += 1
430 values = p.parse(row)
431 # not a complete row, keep going
432 if not values: continue
434 # extract the nodeid
435 nodeid, values = values[0], values[1:]
436 found[nodeid] = 1
438 # confirm correct weight
439 if len(idlessprops) != len(values):
440 w(_('Not enough values on line %(line)s'%{'line':line}))
441 return
443 # extract the new values
444 d = {}
445 for name, value in zip(idlessprops, values):
446 d[name] = value.strip()
448 # perform the edit
449 if cl.hasnode(nodeid):
450 # edit existing
451 cl.set(nodeid, **d)
452 else:
453 # new node
454 found[cl.create(**d)] = 1
456 # retire the removed entries
457 for nodeid in cl.list():
458 if not found.has_key(nodeid):
459 cl.retire(nodeid)
461 w(_('''<p class="form-help">You may edit the contents of the
462 "%(classname)s" class using this form. The lines are full-featured
463 Comma-Separated-Value lines, so you may include commas and even
464 newlines by enclosing the values in double-quotes ("). Double
465 quotes themselves must be quoted by doubling ("").</p>
466 <p class="form-help">Remove entries by deleting their line. Add
467 new entries by appending
468 them to the table - put an X in the id column.</p>''')%{'classname':cn})
470 l = []
471 for name in props:
472 l.append(name)
473 w('<tt>')
474 w(', '.join(l) + '\n')
475 w('</tt>')
477 w('<form onSubmit="return submit_once()" method="POST">')
478 w('<textarea name="rows" cols=80 rows=15>')
479 p = csv.parser()
480 for nodeid in cl.list():
481 l = []
482 for name in props:
483 l.append(cgi.escape(str(cl.get(nodeid, name))))
484 w(p.join(l) + '\n')
486 w(_('</textarea><br><input type="submit" value="Save Changes"></form>'))
488 def classhelp(self):
489 '''Display a table of class info
490 '''
491 w = self.write
492 cn = self.form['classname'].value
493 cl = self.db.classes[cn]
494 props = self.form['properties'].value.split(',')
496 w('<table border=1 cellspacing=0 cellpaddin=2>')
497 w('<tr>')
498 for name in props:
499 w('<th align=left>%s</th>'%name)
500 w('</tr>')
501 for nodeid in cl.list():
502 w('<tr>')
503 for name in props:
504 value = cgi.escape(str(cl.get(nodeid, name)))
505 w('<td align="left" valign="top">%s</td>'%value)
506 w('</tr>')
507 w('</table>')
509 def shownode(self, message=None):
510 ''' display an item
511 '''
512 cn = self.classname
513 cl = self.db.classes[cn]
515 # possibly perform an edit
516 keys = self.form.keys()
517 num_re = re.compile('^\d+$')
518 # don't try to set properties if the user has just logged in
519 if keys and not self.form.has_key('__login_name'):
520 try:
521 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
522 # make changes to the node
523 self._changenode(props)
524 # handle linked nodes
525 self._post_editnode(self.nodeid)
526 # and some nice feedback for the user
527 if props:
528 message = _('%(changes)s edited ok')%{'changes':
529 ', '.join(props.keys())}
530 elif self.form.has_key('__note') and self.form['__note'].value:
531 message = _('note added')
532 elif (self.form.has_key('__file') and
533 self.form['__file'].filename):
534 message = _('file added')
535 else:
536 message = _('nothing changed')
537 except:
538 self.db.rollback()
539 s = StringIO.StringIO()
540 traceback.print_exc(None, s)
541 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
543 # now the display
544 id = self.nodeid
545 if cl.getkey():
546 id = cl.get(id, cl.getkey())
547 self.pagehead('%s: %s'%(self.classname.capitalize(), id), message)
549 nodeid = self.nodeid
551 # use the template to display the item
552 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
553 self.classname)
554 item.render(nodeid)
556 self.pagefoot()
557 showissue = shownode
558 showmsg = shownode
560 def _add_author_to_nosy(self, props):
561 ''' add the author value from the props to the nosy list
562 '''
563 if not props.has_key('author'):
564 return
565 author_id = props['author']
566 if not props.has_key('nosy'):
567 # load current nosy
568 if self.nodeid:
569 cl = self.db.classes[self.classname]
570 l = cl.get(self.nodeid, 'nosy')
571 if author_id in l:
572 return
573 props['nosy'] = l
574 else:
575 props['nosy'] = []
576 if author_id not in props['nosy']:
577 props['nosy'].append(author_id)
579 def _add_assignedto_to_nosy(self, props):
580 ''' add the assignedto value from the props to the nosy list
581 '''
582 if not props.has_key('assignedto'):
583 return
584 assignedto_id = props['assignedto']
585 if not props.has_key('nosy'):
586 # load current nosy
587 if self.nodeid:
588 cl = self.db.classes[self.classname]
589 l = cl.get(self.nodeid, 'nosy')
590 if assignedto_id in l:
591 return
592 props['nosy'] = l
593 else:
594 props['nosy'] = []
595 if assignedto_id not in props['nosy']:
596 props['nosy'].append(assignedto_id)
598 def _changenode(self, props):
599 ''' change the node based on the contents of the form
600 '''
601 cl = self.db.classes[self.classname]
602 # set status to chatting if 'unread' or 'resolved'
603 try:
604 # determine the id of 'unread','resolved' and 'chatting'
605 unread_id = self.db.status.lookup('unread')
606 resolved_id = self.db.status.lookup('resolved')
607 chatting_id = self.db.status.lookup('chatting')
608 current_status = cl.get(self.nodeid, 'status')
609 if props.has_key('status'):
610 new_status = props['status']
611 else:
612 # apparently there's a chance that some browsers don't
613 # send status...
614 new_status = current_status
615 except KeyError:
616 pass
617 else:
618 if new_status == unread_id or (new_status == resolved_id
619 and current_status == resolved_id):
620 props['status'] = chatting_id
622 self._add_assignedto_to_nosy(props)
624 # possibly add the author of the change to the nosy list
625 if self.db.config.ADD_AUTHOR_TO_NOSY == 'yes':
626 self._add_author_to_nosy(props)
628 # create the message
629 message, files = self._handle_message()
630 if message:
631 props['messages'] = cl.get(self.nodeid, 'messages') + [message]
632 if files:
633 props['files'] = cl.get(self.nodeid, 'files') + files
635 # make the changes
636 cl.set(self.nodeid, **props)
638 def _createnode(self):
639 ''' create a node based on the contents of the form
640 '''
641 cl = self.db.classes[self.classname]
642 props = parsePropsFromForm(self.db, cl, self.form)
644 # set status to 'unread' if not specified - a status of '- no
645 # selection -' doesn't make sense
646 if not props.has_key('status') and cl.getprops().has_key('status'):
647 try:
648 unread_id = self.db.status.lookup('unread')
649 except KeyError:
650 pass
651 else:
652 props['status'] = unread_id
654 self._add_assignedto_to_nosy(props)
656 # possibly add the author of the new node to the nosy list
657 if self.db.config.ADD_AUTHOR_TO_NOSY in ('new', 'yes'):
658 self._add_author_to_nosy(props)
660 # check for messages and files
661 message, files = self._handle_message()
662 if message:
663 props['messages'] = [message]
664 if files:
665 props['files'] = files
666 # create the node and return it's id
667 return cl.create(**props)
669 def _handle_message(self):
670 ''' generate an edit message
671 '''
672 # handle file attachments
673 files = []
674 if self.form.has_key('__file'):
675 file = self.form['__file']
676 if file.filename:
677 filename = file.filename.split('\\')[-1]
678 mime_type = mimetypes.guess_type(filename)[0]
679 if not mime_type:
680 mime_type = "application/octet-stream"
681 # create the new file entry
682 files.append(self.db.file.create(type=mime_type,
683 name=filename, content=file.file.read()))
685 # we don't want to do a message if none of the following is true...
686 cn = self.classname
687 cl = self.db.classes[self.classname]
688 props = cl.getprops()
689 note = None
690 # in a nutshell, don't do anything if there's no note or there's no
691 # NOSY
692 if self.form.has_key('__note'):
693 note = self.form['__note'].value.strip()
694 if not note:
695 return None, files
696 if not props.has_key('messages'):
697 return None, files
698 if not isinstance(props['messages'], hyperdb.Multilink):
699 return None, files
700 if not props['messages'].classname == 'msg':
701 return None, files
702 if not (self.form.has_key('nosy') or note):
703 return None, files
705 # handle the note
706 if '\n' in note:
707 summary = re.split(r'\n\r?', note)[0]
708 else:
709 summary = note
710 m = ['%s\n'%note]
712 # handle the messageid
713 # TODO: handle inreplyto
714 messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
715 self.classname, self.instance.MAIL_DOMAIN)
717 # now create the message, attaching the files
718 content = '\n'.join(m)
719 message_id = self.db.msg.create(author=self.getuid(),
720 recipients=[], date=date.Date('.'), summary=summary,
721 content=content, files=files, messageid=messageid)
723 # update the messages property
724 return message_id, files
726 def _post_editnode(self, nid):
727 '''Do the linking part of the node creation.
729 If a form element has :link or :multilink appended to it, its
730 value specifies a node designator and the property on that node
731 to add _this_ node to as a link or multilink.
733 This is typically used on, eg. the file upload page to indicated
734 which issue to link the file to.
736 TODO: I suspect that this and newfile will go away now that
737 there's the ability to upload a file using the issue __file form
738 element!
739 '''
740 cn = self.classname
741 cl = self.db.classes[cn]
742 # link if necessary
743 keys = self.form.keys()
744 for key in keys:
745 if key == ':multilink':
746 value = self.form[key].value
747 if type(value) != type([]): value = [value]
748 for value in value:
749 designator, property = value.split(':')
750 link, nodeid = roundupdb.splitDesignator(designator)
751 link = self.db.classes[link]
752 value = link.get(nodeid, property)
753 value.append(nid)
754 link.set(nodeid, **{property: value})
755 elif key == ':link':
756 value = self.form[key].value
757 if type(value) != type([]): value = [value]
758 for value in value:
759 designator, property = value.split(':')
760 link, nodeid = roundupdb.splitDesignator(designator)
761 link = self.db.classes[link]
762 link.set(nodeid, **{property: nid})
764 def newnode(self, message=None):
765 ''' Add a new node to the database.
767 The form works in two modes: blank form and submission (that is,
768 the submission goes to the same URL). **Eventually this means that
769 the form will have previously entered information in it if
770 submission fails.
772 The new node will be created with the properties specified in the
773 form submission. For multilinks, multiple form entries are handled,
774 as are prop=value,value,value. You can't mix them though.
776 If the new node is to be referenced from somewhere else immediately
777 (ie. the new node is a file that is to be attached to a support
778 issue) then supply one of these arguments in addition to the usual
779 form entries:
780 :link=designator:property
781 :multilink=designator:property
782 ... which means that once the new node is created, the "property"
783 on the node given by "designator" should now reference the new
784 node's id. The node id will be appended to the multilink.
785 '''
786 cn = self.classname
787 cl = self.db.classes[cn]
789 # possibly perform a create
790 keys = self.form.keys()
791 if [i for i in keys if i[0] != ':']:
792 props = {}
793 try:
794 nid = self._createnode()
795 # handle linked nodes
796 self._post_editnode(nid)
797 # and some nice feedback for the user
798 message = _('%(classname)s created ok')%{'classname': cn}
800 # render the newly created issue
801 self.db.commit()
802 self.nodeid = nid
803 self.pagehead('%s: %s'%(self.classname.capitalize(), nid),
804 message)
805 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES,
806 self.classname)
807 item.render(nid)
808 self.pagefoot()
809 return
810 except:
811 self.db.rollback()
812 s = StringIO.StringIO()
813 traceback.print_exc(None, s)
814 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
815 self.pagehead(_('New %(classname)s')%{'classname':
816 self.classname.capitalize()}, message)
818 # call the template
819 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
820 self.classname)
821 newitem.render(self.form)
823 self.pagefoot()
824 newissue = newnode
826 def newuser(self, message=None):
827 ''' Add a new user to the database.
829 Don't do any of the message or file handling, just create the node.
830 '''
831 cn = self.classname
832 cl = self.db.classes[cn]
834 # possibly perform a create
835 keys = self.form.keys()
836 if [i for i in keys if i[0] != ':']:
837 try:
838 props = parsePropsFromForm(self.db, cl, self.form)
839 nid = cl.create(**props)
840 # handle linked nodes
841 self._post_editnode(nid)
842 # and some nice feedback for the user
843 message = _('%(classname)s created ok')%{'classname': cn}
844 except:
845 self.db.rollback()
846 s = StringIO.StringIO()
847 traceback.print_exc(None, s)
848 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
849 self.pagehead(_('New %(classname)s')%{'classname':
850 self.classname.capitalize()}, message)
852 # call the template
853 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
854 self.classname)
855 newitem.render(self.form)
857 self.pagefoot()
859 def newfile(self, message=None):
860 ''' Add a new file to the database.
862 This form works very much the same way as newnode - it just has a
863 file upload.
864 '''
865 cn = self.classname
866 cl = self.db.classes[cn]
868 # possibly perform a create
869 keys = self.form.keys()
870 if [i for i in keys if i[0] != ':']:
871 try:
872 file = self.form['content']
873 mime_type = mimetypes.guess_type(file.filename)[0]
874 if not mime_type:
875 mime_type = "application/octet-stream"
876 # save the file
877 nid = cl.create(content=file.file.read(), type=mime_type,
878 name=file.filename)
879 # handle linked nodes
880 self._post_editnode(nid)
881 # and some nice feedback for the user
882 message = _('%(classname)s created ok')%{'classname': cn}
883 except:
884 self.db.rollback()
885 s = StringIO.StringIO()
886 traceback.print_exc(None, s)
887 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
889 self.pagehead(_('New %(classname)s')%{'classname':
890 self.classname.capitalize()}, message)
891 newitem = htmltemplate.NewItemTemplate(self, self.instance.TEMPLATES,
892 self.classname)
893 newitem.render(self.form)
894 self.pagefoot()
896 def showuser(self, message=None):
897 '''Display a user page for editing. Make sure the user is allowed
898 to edit this node, and also check for password changes.
899 '''
900 if self.user == 'anonymous':
901 raise Unauthorised
903 user = self.db.user
905 # get the username of the node being edited
906 node_user = user.get(self.nodeid, 'username')
908 if self.user not in ('admin', node_user):
909 raise Unauthorised
911 #
912 # perform any editing
913 #
914 keys = self.form.keys()
915 num_re = re.compile('^\d+$')
916 if keys:
917 try:
918 props = parsePropsFromForm(self.db, user, self.form,
919 self.nodeid)
920 set_cookie = 0
921 if props.has_key('password'):
922 password = self.form['password'].value.strip()
923 if not password:
924 # no password was supplied - don't change it
925 del props['password']
926 elif self.nodeid == self.getuid():
927 # this is the logged-in user's password
928 set_cookie = password
929 user.set(self.nodeid, **props)
930 # and some feedback for the user
931 message = _('%(changes)s edited ok')%{'changes':
932 ', '.join(props.keys())}
933 except:
934 self.db.rollback()
935 s = StringIO.StringIO()
936 traceback.print_exc(None, s)
937 message = '<pre>%s</pre>'%cgi.escape(s.getvalue())
938 else:
939 set_cookie = 0
941 # fix the cookie if the password has changed
942 if set_cookie:
943 self.set_cookie(self.user, set_cookie)
945 #
946 # now the display
947 #
948 self.pagehead(_('User: %(user)s')%{'user': node_user}, message)
950 # use the template to display the item
951 item = htmltemplate.ItemTemplate(self, self.instance.TEMPLATES, 'user')
952 item.render(self.nodeid)
953 self.pagefoot()
955 def showfile(self):
956 ''' display a file
957 '''
958 nodeid = self.nodeid
959 cl = self.db.file
960 mime_type = cl.get(nodeid, 'type')
961 if mime_type == 'message/rfc822':
962 mime_type = 'text/plain'
963 self.header(headers={'Content-Type': mime_type})
964 self.write(cl.get(nodeid, 'content'))
966 def classes(self, message=None):
967 ''' display a list of all the classes in the database
968 '''
969 if self.user == 'admin':
970 self.pagehead(_('Table of classes'), message)
971 classnames = self.db.classes.keys()
972 classnames.sort()
973 self.write('<table border=0 cellspacing=0 cellpadding=2>\n')
974 for cn in classnames:
975 cl = self.db.getclass(cn)
976 self.write('<tr class="list-header"><th colspan=2 align=left>'
977 '<a href="%s">%s</a></th></tr>'%(cn, cn.capitalize()))
978 for key, value in cl.properties.items():
979 if value is None: value = ''
980 else: value = str(value)
981 self.write('<tr><th align=left>%s</th><td>%s</td></tr>'%(
982 key, cgi.escape(value)))
983 self.write('</table>')
984 self.pagefoot()
985 else:
986 raise Unauthorised
988 def login(self, message=None, newuser_form=None, action='index'):
989 '''Display a login page.
990 '''
991 self.pagehead(_('Login to roundup'), message)
992 self.write(_('''
993 <table>
994 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
995 <form onSubmit="return submit_once()" action="login_action" method=POST>
996 <input type="hidden" name="__destination_url" value="%(action)s">
997 <tr><td align=right>Login name: </td>
998 <td><input name="__login_name"></td></tr>
999 <tr><td align=right>Password: </td>
1000 <td><input type="password" name="__login_password"></td></tr>
1001 <tr><td></td>
1002 <td><input type="submit" value="Log In"></td></tr>
1003 </form>
1004 ''')%locals())
1005 if self.user is None and self.instance.ANONYMOUS_REGISTER == 'deny':
1006 self.write('</table>')
1007 self.pagefoot()
1008 return
1009 values = {'realname': '', 'organisation': '', 'address': '',
1010 'phone': '', 'username': '', 'password': '', 'confirm': '',
1011 'action': action, 'alternate_addresses': ''}
1012 if newuser_form is not None:
1013 for key in newuser_form.keys():
1014 values[key] = newuser_form[key].value
1015 self.write(_('''
1016 <p>
1017 <tr><td colspan=2 class="strong-header">New User Registration</td></tr>
1018 <tr><td colspan=2><em>marked items</em> are optional...</td></tr>
1019 <form onSubmit="return submit_once()" action="newuser_action" method=POST>
1020 <input type="hidden" name="__destination_url" value="%(action)s">
1021 <tr><td align=right><em>Name: </em></td>
1022 <td><input name="realname" value="%(realname)s" size=40></td></tr>
1023 <tr><td align=right><em>Organisation: </em></td>
1024 <td><input name="organisation" value="%(organisation)s" size=40></td></tr>
1025 <tr><td align=right>E-Mail Address: </td>
1026 <td><input name="address" value="%(address)s" size=40></td></tr>
1027 <tr><td align=right><em>Alternate E-mail Addresses: </em></td>
1028 <td><textarea name="alternate_addresses" rows=5 cols=40>%(alternate_addresses)s</textarea></td></tr>
1029 <tr><td align=right><em>Phone: </em></td>
1030 <td><input name="phone" value="%(phone)s"></td></tr>
1031 <tr><td align=right>Preferred Login name: </td>
1032 <td><input name="username" value="%(username)s"></td></tr>
1033 <tr><td align=right>Password: </td>
1034 <td><input type="password" name="password" value="%(password)s"></td></tr>
1035 <tr><td align=right>Password Again: </td>
1036 <td><input type="password" name="confirm" value="%(confirm)s"></td></tr>
1037 <tr><td></td>
1038 <td><input type="submit" value="Register"></td></tr>
1039 </form>
1040 </table>
1041 ''')%values)
1042 self.pagefoot()
1044 def login_action(self, message=None):
1045 '''Attempt to log a user in and set the cookie
1047 returns 0 if a page is generated as a result of this call, and
1048 1 if not (ie. the login is successful
1049 '''
1050 if not self.form.has_key('__login_name'):
1051 self.login(message=_('Username required'))
1052 return 0
1053 self.user = self.form['__login_name'].value
1054 if self.form.has_key('__login_password'):
1055 password = self.form['__login_password'].value
1056 else:
1057 password = ''
1058 # make sure the user exists
1059 try:
1060 uid = self.db.user.lookup(self.user)
1061 except KeyError:
1062 name = self.user
1063 self.make_user_anonymous()
1064 action = self.form['__destination_url'].value
1065 self.login(message=_('No such user "%(name)s"')%locals(),
1066 action=action)
1067 return 0
1069 # and that the password is correct
1070 pw = self.db.user.get(uid, 'password')
1071 if password != pw:
1072 self.make_user_anonymous()
1073 action = self.form['__destination_url'].value
1074 self.login(message=_('Incorrect password'), action=action)
1075 return 0
1077 self.set_cookie(self.user, password)
1078 return 1
1080 def newuser_action(self, message=None):
1081 '''Attempt to create a new user based on the contents of the form
1082 and then set the cookie.
1084 return 1 on successful login
1085 '''
1086 # re-open the database as "admin"
1087 self.db = self.instance.open('admin')
1089 # TODO: pre-check the required fields and username key property
1090 cl = self.db.user
1091 try:
1092 props = parsePropsFromForm(self.db, cl, self.form)
1093 uid = cl.create(**props)
1094 except ValueError, message:
1095 action = self.form['__destination_url'].value
1096 self.login(message, action=action)
1097 return 0
1098 self.user = cl.get(uid, 'username')
1099 password = cl.get(uid, 'password')
1100 self.set_cookie(self.user, self.form['password'].value)
1101 return 1
1103 def set_cookie(self, user, password):
1104 # construct the cookie
1105 user = binascii.b2a_base64('%s:%s'%(user, password)).strip()
1106 if user[-1] == '=':
1107 if user[-2] == '=':
1108 user = user[:-2]
1109 else:
1110 user = user[:-1]
1111 expire = Cookie._getdate(86400*365)
1112 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME']))
1113 self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;' % (
1114 user, expire, path)})
1116 def make_user_anonymous(self):
1117 # make us anonymous if we can
1118 try:
1119 self.db.user.lookup('anonymous')
1120 self.user = 'anonymous'
1121 except KeyError:
1122 self.user = None
1124 def logout(self, message=None):
1125 self.make_user_anonymous()
1126 # construct the logout cookie
1127 now = Cookie._getdate()
1128 path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME']))
1129 self.header({'Set-Cookie':
1130 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
1131 path)})
1132 self.login()
1134 def main(self):
1135 '''Wrap the database accesses so we can close the database cleanly
1136 '''
1137 # determine the uid to use
1138 self.db = self.instance.open('admin')
1139 cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
1140 user = 'anonymous'
1141 if (cookie.has_key('roundup_user') and
1142 cookie['roundup_user'].value != 'deleted'):
1143 cookie = cookie['roundup_user'].value
1144 if len(cookie)%4:
1145 cookie = cookie + '='*(4-len(cookie)%4)
1146 try:
1147 user, password = binascii.a2b_base64(cookie).split(':')
1148 except (TypeError, binascii.Error, binascii.Incomplete):
1149 # damaged cookie!
1150 user, password = 'anonymous', ''
1152 # make sure the user exists
1153 try:
1154 uid = self.db.user.lookup(user)
1155 # now validate the password
1156 if password != self.db.user.get(uid, 'password'):
1157 user = 'anonymous'
1158 except KeyError:
1159 user = 'anonymous'
1161 # make sure the anonymous user is valid if we're using it
1162 if user == 'anonymous':
1163 self.make_user_anonymous()
1164 else:
1165 self.user = user
1167 # re-open the database for real, using the user
1168 self.db = self.instance.open(self.user)
1170 # now figure which function to call
1171 path = self.split_path
1173 # default action to index if the path has no information in it
1174 if not path or path[0] in ('', 'index'):
1175 action = 'index'
1176 else:
1177 action = path[0]
1179 # Everthing ignores path[1:]
1180 # - The file download link generator actually relies on this - it
1181 # appends the name of the file to the URL so the download file name
1182 # is correct, but doesn't actually use it.
1184 # everyone is allowed to try to log in
1185 if action == 'login_action':
1186 # try to login
1187 if not self.login_action():
1188 return
1189 # figure the resulting page
1190 action = self.form['__destination_url'].value
1191 if not action:
1192 action = 'index'
1193 self.do_action(action)
1194 return
1196 # allow anonymous people to register
1197 if action == 'newuser_action':
1198 # if we don't have a login and anonymous people aren't allowed to
1199 # register, then spit up the login form
1200 if self.instance.ANONYMOUS_REGISTER == 'deny' and self.user is None:
1201 if action == 'login':
1202 self.login() # go to the index after login
1203 else:
1204 self.login(action=action)
1205 return
1206 # try to add the user
1207 if not self.newuser_action():
1208 return
1209 # figure the resulting page
1210 action = self.form['__destination_url'].value
1211 if not action:
1212 action = 'index'
1214 # no login or registration, make sure totally anonymous access is OK
1215 elif self.instance.ANONYMOUS_ACCESS == 'deny' and self.user is None:
1216 if action == 'login':
1217 self.login() # go to the index after login
1218 else:
1219 self.login(action=action)
1220 return
1222 # just a regular action
1223 self.do_action(action)
1225 # commit all changes to the database
1226 self.db.commit()
1228 def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
1229 nre=re.compile(r'new(\w+)')):
1230 '''Figure the user's action and do it.
1231 '''
1232 # here be the "normal" functionality
1233 if action == 'index':
1234 self.index()
1235 return
1236 if action == 'list_classes':
1237 self.classes()
1238 return
1239 if action == 'classhelp':
1240 self.classhelp()
1241 return
1242 if action == 'login':
1243 self.login()
1244 return
1245 if action == 'logout':
1246 self.logout()
1247 return
1249 # see if we're to display an existing node
1250 m = dre.match(action)
1251 if m:
1252 self.classname = m.group(1)
1253 self.nodeid = m.group(2)
1254 try:
1255 cl = self.db.classes[self.classname]
1256 except KeyError:
1257 raise NotFound
1258 try:
1259 cl.get(self.nodeid, 'id')
1260 except IndexError:
1261 raise NotFound
1262 try:
1263 func = getattr(self, 'show%s'%self.classname)
1264 except AttributeError:
1265 raise NotFound
1266 func()
1267 return
1269 # see if we're to put up the new node page
1270 m = nre.match(action)
1271 if m:
1272 self.classname = m.group(1)
1273 try:
1274 func = getattr(self, 'new%s'%self.classname)
1275 except AttributeError:
1276 raise NotFound
1277 func()
1278 return
1280 # otherwise, display the named class
1281 self.classname = action
1282 try:
1283 self.db.getclass(self.classname)
1284 except KeyError:
1285 raise NotFound
1286 self.list()
1289 class ExtendedClient(Client):
1290 '''Includes pages and page heading information that relate to the
1291 extended schema.
1292 '''
1293 showsupport = Client.shownode
1294 showtimelog = Client.shownode
1295 newsupport = Client.newnode
1296 newtimelog = Client.newnode
1298 default_index_sort = ['-activity']
1299 default_index_group = ['priority']
1300 default_index_filter = ['status']
1301 default_index_columns = ['activity','status','title','assignedto']
1302 default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
1304 def parsePropsFromForm(db, cl, form, nodeid=0):
1305 '''Pull properties for the given class out of the form.
1306 '''
1307 props = {}
1308 keys = form.keys()
1309 num_re = re.compile('^\d+$')
1310 for key in keys:
1311 if not cl.properties.has_key(key):
1312 continue
1313 proptype = cl.properties[key]
1314 if isinstance(proptype, hyperdb.String):
1315 value = form[key].value.strip()
1316 elif isinstance(proptype, hyperdb.Password):
1317 value = password.Password(form[key].value.strip())
1318 elif isinstance(proptype, hyperdb.Date):
1319 value = form[key].value.strip()
1320 if value:
1321 value = date.Date(form[key].value.strip())
1322 else:
1323 value = None
1324 elif isinstance(proptype, hyperdb.Interval):
1325 value = form[key].value.strip()
1326 if value:
1327 value = date.Interval(form[key].value.strip())
1328 else:
1329 value = None
1330 elif isinstance(proptype, hyperdb.Link):
1331 value = form[key].value.strip()
1332 # see if it's the "no selection" choice
1333 if value == '-1':
1334 # don't set this property
1335 continue
1336 else:
1337 # handle key values
1338 link = cl.properties[key].classname
1339 if not num_re.match(value):
1340 try:
1341 value = db.classes[link].lookup(value)
1342 except KeyError:
1343 raise ValueError, _('property "%(propname)s": '
1344 '%(value)s not a %(classname)s')%{'propname':key,
1345 'value': value, 'classname': link}
1346 elif isinstance(proptype, hyperdb.Multilink):
1347 value = form[key]
1348 if type(value) != type([]):
1349 value = [i.strip() for i in value.value.split(',')]
1350 else:
1351 value = [i.value.strip() for i in value]
1352 link = cl.properties[key].classname
1353 l = []
1354 for entry in map(str, value):
1355 if entry == '': continue
1356 if not num_re.match(entry):
1357 try:
1358 entry = db.classes[link].lookup(entry)
1359 except KeyError:
1360 raise ValueError, _('property "%(propname)s": '
1361 '"%(value)s" not an entry of %(classname)s')%{
1362 'propname':key, 'value': entry, 'classname': link}
1363 l.append(entry)
1364 l.sort()
1365 value = l
1367 # get the old value
1368 if nodeid:
1369 try:
1370 existing = cl.get(nodeid, key)
1371 except KeyError:
1372 # this might be a new property for which there is no existing
1373 # value
1374 if not cl.properties.has_key(key): raise
1376 # if changed, set it
1377 if value != existing:
1378 props[key] = value
1379 else:
1380 props[key] = value
1381 return props
1383 #
1384 # $Log: not supported by cvs2svn $
1385 # Revision 1.117 2002/05/12 23:42:29 richard
1386 # ehem
1387 #
1388 # Revision 1.116 2002/05/02 08:07:49 richard
1389 # Added the ADD_AUTHOR_TO_NOSY handling to the CGI interface.
1390 #
1391 # Revision 1.115 2002/04/02 01:56:10 richard
1392 # . stop sending blank (whitespace-only) notes
1393 #
1394 # Revision 1.114 2002/03/17 23:06:05 richard
1395 # oops
1396 #
1397 # Revision 1.113 2002/03/14 23:59:24 richard
1398 # . #517734 ] web header customisation is obscure
1399 #
1400 # Revision 1.112 2002/03/12 22:52:26 richard
1401 # more pychecker warnings removed
1402 #
1403 # Revision 1.111 2002/02/25 04:32:21 richard
1404 # ahem
1405 #
1406 # Revision 1.110 2002/02/21 07:19:08 richard
1407 # ... and label, width and height control for extra flavour!
1408 #
1409 # Revision 1.109 2002/02/21 07:08:19 richard
1410 # oops
1411 #
1412 # Revision 1.108 2002/02/21 07:02:54 richard
1413 # The correct var is "HTTP_HOST"
1414 #
1415 # Revision 1.107 2002/02/21 06:57:38 richard
1416 # . Added popup help for classes using the classhelp html template function.
1417 # - add <display call="classhelp('priority', 'id,name,description')">
1418 # to an item page, and it generates a link to a popup window which displays
1419 # the id, name and description for the priority class. The description
1420 # field won't exist in most installations, but it will be added to the
1421 # default templates.
1422 #
1423 # Revision 1.106 2002/02/21 06:23:00 richard
1424 # *** empty log message ***
1425 #
1426 # Revision 1.105 2002/02/20 05:52:10 richard
1427 # better error handling
1428 #
1429 # Revision 1.104 2002/02/20 05:45:17 richard
1430 # Use the csv module for generating the form entry so it's correct.
1431 # [also noted the sf.net feature request id in the change log]
1432 #
1433 # Revision 1.103 2002/02/20 05:05:28 richard
1434 # . Added simple editing for classes that don't define a templated interface.
1435 # - access using the admin "class list" interface
1436 # - limited to admin-only
1437 # - requires the csv module from object-craft (url given if it's missing)
1438 #
1439 # Revision 1.102 2002/02/15 07:08:44 richard
1440 # . Alternate email addresses are now available for users. See the MIGRATION
1441 # file for info on how to activate the feature.
1442 #
1443 # Revision 1.101 2002/02/14 23:39:18 richard
1444 # . All forms now have "double-submit" protection when Javascript is enabled
1445 # on the client-side.
1446 #
1447 # Revision 1.100 2002/01/16 07:02:57 richard
1448 # . lots of date/interval related changes:
1449 # - more relaxed date format for input
1450 #
1451 # Revision 1.99 2002/01/16 03:02:42 richard
1452 # #503793 ] changing assignedto resets nosy list
1453 #
1454 # Revision 1.98 2002/01/14 02:20:14 richard
1455 # . changed all config accesses so they access either the instance or the
1456 # config attriubute on the db. This means that all config is obtained from
1457 # instance_config instead of the mish-mash of classes. This will make
1458 # switching to a ConfigParser setup easier too, I hope.
1459 #
1460 # At a minimum, this makes migration a _little_ easier (a lot easier in the
1461 # 0.5.0 switch, I hope!)
1462 #
1463 # Revision 1.97 2002/01/11 23:22:29 richard
1464 # . #502437 ] rogue reactor and unittest
1465 # in short, the nosy reactor was modifying the nosy list. That code had
1466 # been there for a long time, and I suspsect it was there because we
1467 # weren't generating the nosy list correctly in other places of the code.
1468 # We're now doing that, so the nosy-modifying code can go away from the
1469 # nosy reactor.
1470 #
1471 # Revision 1.96 2002/01/10 05:26:10 richard
1472 # missed a parsePropsFromForm in last update
1473 #
1474 # Revision 1.95 2002/01/10 03:39:45 richard
1475 # . fixed some problems with web editing and change detection
1476 #
1477 # Revision 1.94 2002/01/09 13:54:21 grubert
1478 # _add_assignedto_to_nosy did set nosy to assignedto only, no adding.
1479 #
1480 # Revision 1.93 2002/01/08 11:57:12 richard
1481 # crying out for real configuration handling... :(
1482 #
1483 # Revision 1.92 2002/01/08 04:12:05 richard
1484 # Changed message-id format to "<%s.%s.%s%s@%s>" so it complies with RFC822
1485 #
1486 # Revision 1.91 2002/01/08 04:03:47 richard
1487 # I mucked the intent of the code up.
1488 #
1489 # Revision 1.90 2002/01/08 03:56:55 richard
1490 # Oops, missed this before the beta:
1491 # . #495392 ] empty nosy -patch
1492 #
1493 # Revision 1.89 2002/01/07 20:24:45 richard
1494 # *mutter* stupid cutnpaste
1495 #
1496 # Revision 1.88 2002/01/02 02:31:38 richard
1497 # Sorry for the huge checkin message - I was only intending to implement #496356
1498 # but I found a number of places where things had been broken by transactions:
1499 # . modified ROUNDUPDBSENDMAILDEBUG to be SENDMAILDEBUG and hold a filename
1500 # for _all_ roundup-generated smtp messages to be sent to.
1501 # . the transaction cache had broken the roundupdb.Class set() reactors
1502 # . newly-created author users in the mailgw weren't being committed to the db
1503 #
1504 # Stuff that made it into CHANGES.txt (ie. the stuff I was actually working
1505 # on when I found that stuff :):
1506 # . #496356 ] Use threading in messages
1507 # . detectors were being registered multiple times
1508 # . added tests for mailgw
1509 # . much better attaching of erroneous messages in the mail gateway
1510 #
1511 # Revision 1.87 2001/12/23 23:18:49 richard
1512 # We already had an admin-specific section of the web heading, no need to add
1513 # another one :)
1514 #
1515 # Revision 1.86 2001/12/20 15:43:01 rochecompaan
1516 # Features added:
1517 # . Multilink properties are now displayed as comma separated values in
1518 # a textbox
1519 # . The add user link is now only visible to the admin user
1520 # . Modified the mail gateway to reject submissions from unknown
1521 # addresses if ANONYMOUS_ACCESS is denied
1522 #
1523 # Revision 1.85 2001/12/20 06:13:24 rochecompaan
1524 # Bugs fixed:
1525 # . Exception handling in hyperdb for strings-that-look-like numbers got
1526 # lost somewhere
1527 # . Internet Explorer submits full path for filename - we now strip away
1528 # the path
1529 # Features added:
1530 # . Link and multilink properties are now displayed sorted in the cgi
1531 # interface
1532 #
1533 # Revision 1.84 2001/12/18 15:30:30 rochecompaan
1534 # Fixed bugs:
1535 # . Fixed file creation and retrieval in same transaction in anydbm
1536 # backend
1537 # . Cgi interface now renders new issue after issue creation
1538 # . Could not set issue status to resolved through cgi interface
1539 # . Mail gateway was changing status back to 'chatting' if status was
1540 # omitted as an argument
1541 #
1542 # Revision 1.83 2001/12/15 23:51:01 richard
1543 # Tested the changes and fixed a few problems:
1544 # . files are now attached to the issue as well as the message
1545 # . newuser is a real method now since we don't want to do the message/file
1546 # stuff for it
1547 # . added some documentation
1548 # The really big changes in the diff are a result of me moving some code
1549 # around to keep like methods together a bit better.
1550 #
1551 # Revision 1.82 2001/12/15 19:24:39 rochecompaan
1552 # . Modified cgi interface to change properties only once all changes are
1553 # collected, files created and messages generated.
1554 # . Moved generation of change note to nosyreactors.
1555 # . We now check for changes to "assignedto" to ensure it's added to the
1556 # nosy list.
1557 #
1558 # Revision 1.81 2001/12/12 23:55:00 richard
1559 # Fixed some problems with user editing
1560 #
1561 # Revision 1.80 2001/12/12 23:27:14 richard
1562 # Added a Zope frontend for roundup.
1563 #
1564 # Revision 1.79 2001/12/10 22:20:01 richard
1565 # Enabled transaction support in the bsddb backend. It uses the anydbm code
1566 # where possible, only replacing methods where the db is opened (it uses the
1567 # btree opener specifically.)
1568 # Also cleaned up some change note generation.
1569 # Made the backends package work with pydoc too.
1570 #
1571 # Revision 1.78 2001/12/07 05:59:27 rochecompaan
1572 # Fixed small bug that prevented adding issues through the web.
1573 #
1574 # Revision 1.77 2001/12/06 22:48:29 richard
1575 # files multilink was being nuked in post_edit_node
1576 #
1577 # Revision 1.76 2001/12/05 14:26:44 rochecompaan
1578 # Removed generation of change note from "sendmessage" in roundupdb.py.
1579 # The change note is now generated when the message is created.
1580 #
1581 # Revision 1.75 2001/12/04 01:25:08 richard
1582 # Added some rollbacks where we were catching exceptions that would otherwise
1583 # have stopped committing.
1584 #
1585 # Revision 1.74 2001/12/02 05:06:16 richard
1586 # . We now use weakrefs in the Classes to keep the database reference, so
1587 # the close() method on the database is no longer needed.
1588 # I bumped the minimum python requirement up to 2.1 accordingly.
1589 # . #487480 ] roundup-server
1590 # . #487476 ] INSTALL.txt
1591 #
1592 # I also cleaned up the change message / post-edit stuff in the cgi client.
1593 # There's now a clearly marked "TODO: append the change note" where I believe
1594 # the change note should be added there. The "changes" list will obviously
1595 # have to be modified to be a dict of the changes, or somesuch.
1596 #
1597 # More testing needed.
1598 #
1599 # Revision 1.73 2001/12/01 07:17:50 richard
1600 # . We now have basic transaction support! Information is only written to
1601 # the database when the commit() method is called. Only the anydbm
1602 # backend is modified in this way - neither of the bsddb backends have been.
1603 # The mail, admin and cgi interfaces all use commit (except the admin tool
1604 # doesn't have a commit command, so interactive users can't commit...)
1605 # . Fixed login/registration forwarding the user to the right page (or not,
1606 # on a failure)
1607 #
1608 # Revision 1.72 2001/11/30 20:47:58 rochecompaan
1609 # Links in page header are now consistent with default sort order.
1610 #
1611 # Fixed bugs:
1612 # - When login failed the list of issues were still rendered.
1613 # - User was redirected to index page and not to his destination url
1614 # if his first login attempt failed.
1615 #
1616 # Revision 1.71 2001/11/30 20:28:10 rochecompaan
1617 # Property changes are now completely traceable, whether changes are
1618 # made through the web or by email
1619 #
1620 # Revision 1.70 2001/11/30 00:06:29 richard
1621 # Converted roundup/cgi_client.py to use _()
1622 # Added the status file, I18N_PROGRESS.txt
1623 #
1624 # Revision 1.69 2001/11/29 23:19:51 richard
1625 # Removed the "This issue has been edited through the web" when a valid
1626 # change note is supplied.
1627 #
1628 # Revision 1.68 2001/11/29 04:57:23 richard
1629 # a little comment
1630 #
1631 # Revision 1.67 2001/11/28 21:55:35 richard
1632 # . login_action and newuser_action return values were being ignored
1633 # . Woohoo! Found that bloody re-login bug that was killing the mail
1634 # gateway.
1635 # (also a minor cleanup in hyperdb)
1636 #
1637 # Revision 1.66 2001/11/27 03:00:50 richard
1638 # couple of bugfixes from latest patch integration
1639 #
1640 # Revision 1.65 2001/11/26 23:00:53 richard
1641 # This config stuff is getting to be a real mess...
1642 #
1643 # Revision 1.64 2001/11/26 22:56:35 richard
1644 # typo
1645 #
1646 # Revision 1.63 2001/11/26 22:55:56 richard
1647 # Feature:
1648 # . Added INSTANCE_NAME to configuration - used in web and email to identify
1649 # the instance.
1650 # . Added EMAIL_SIGNATURE_POSITION to indicate where to place the roundup
1651 # signature info in e-mails.
1652 # . Some more flexibility in the mail gateway and more error handling.
1653 # . Login now takes you to the page you back to the were denied access to.
1654 #
1655 # Fixed:
1656 # . Lots of bugs, thanks Roché and others on the devel mailing list!
1657 #
1658 # Revision 1.62 2001/11/24 00:45:42 jhermann
1659 # typeof() instead of type(): avoid clash with database field(?) "type"
1660 #
1661 # Fixes this traceback:
1662 #
1663 # Traceback (most recent call last):
1664 # File "roundup\cgi_client.py", line 535, in newnode
1665 # self._post_editnode(nid)
1666 # File "roundup\cgi_client.py", line 415, in _post_editnode
1667 # if type(value) != type([]): value = [value]
1668 # UnboundLocalError: local variable 'type' referenced before assignment
1669 #
1670 # Revision 1.61 2001/11/22 15:46:42 jhermann
1671 # Added module docstrings to all modules.
1672 #
1673 # Revision 1.60 2001/11/21 22:57:28 jhermann
1674 # Added dummy hooks for I18N and some preliminary (test) markup of
1675 # translatable messages
1676 #
1677 # Revision 1.59 2001/11/21 03:21:13 richard
1678 # oops
1679 #
1680 # Revision 1.58 2001/11/21 03:11:28 richard
1681 # Better handling of new properties.
1682 #
1683 # Revision 1.57 2001/11/15 10:24:27 richard
1684 # handle the case where there is no file attached
1685 #
1686 # Revision 1.56 2001/11/14 21:35:21 richard
1687 # . users may attach files to issues (and support in ext) through the web now
1688 #
1689 # Revision 1.55 2001/11/07 02:34:06 jhermann
1690 # Handling of damaged login cookies
1691 #
1692 # Revision 1.54 2001/11/07 01:16:12 richard
1693 # Remove the '=' padding from cookie value so quoting isn't an issue.
1694 #
1695 # Revision 1.53 2001/11/06 23:22:05 jhermann
1696 # More IE fixes: it does not like quotes around cookie values; in the
1697 # hope this does not break anything for other browser; if it does, we
1698 # need to check HTTP_USER_AGENT
1699 #
1700 # Revision 1.52 2001/11/06 23:11:22 jhermann
1701 # Fixed debug output in page footer; added expiry date to the login cookie
1702 # (expires 1 year in the future) to prevent probs with certain versions
1703 # of IE
1704 #
1705 # Revision 1.51 2001/11/06 22:00:34 jhermann
1706 # Get debug level from ROUNDUP_DEBUG env var
1707 #
1708 # Revision 1.50 2001/11/05 23:45:40 richard
1709 # Fixed newuser_action so it sets the cookie with the unencrypted password.
1710 # Also made it present nicer error messages (not tracebacks).
1711 #
1712 # Revision 1.49 2001/11/04 03:07:12 richard
1713 # Fixed various cookie-related bugs:
1714 # . bug #477685 ] base64.decodestring breaks
1715 # . bug #477837 ] lynx does not like the cookie
1716 # . bug #477892 ] Password edit doesn't fix login cookie
1717 # Also closed a security hole - a logged-in user could edit another user's
1718 # details.
1719 #
1720 # Revision 1.48 2001/11/03 01:30:18 richard
1721 # Oops. uses pagefoot now.
1722 #
1723 # Revision 1.47 2001/11/03 01:29:28 richard
1724 # Login page didn't have all close tags.
1725 #
1726 # Revision 1.46 2001/11/03 01:26:55 richard
1727 # possibly fix truncated base64'ed user:pass
1728 #
1729 # Revision 1.45 2001/11/01 22:04:37 richard
1730 # Started work on supporting a pop3-fetching server
1731 # Fixed bugs:
1732 # . bug #477104 ] HTML tag error in roundup-server
1733 # . bug #477107 ] HTTP header problem
1734 #
1735 # Revision 1.44 2001/10/28 23:03:08 richard
1736 # Added more useful header to the classic schema.
1737 #
1738 # Revision 1.43 2001/10/24 00:01:42 richard
1739 # More fixes to lockout logic.
1740 #
1741 # Revision 1.42 2001/10/23 23:56:03 richard
1742 # HTML typo
1743 #
1744 # Revision 1.41 2001/10/23 23:52:35 richard
1745 # Fixed lock-out logic, thanks Roch'e for pointing out the problems.
1746 #
1747 # Revision 1.40 2001/10/23 23:06:39 richard
1748 # Some cleanup.
1749 #
1750 # Revision 1.39 2001/10/23 01:00:18 richard
1751 # Re-enabled login and registration access after lopping them off via
1752 # disabling access for anonymous users.
1753 # Major re-org of the htmltemplate code, cleaning it up significantly. Fixed
1754 # a couple of bugs while I was there. Probably introduced a couple, but
1755 # things seem to work OK at the moment.
1756 #
1757 # Revision 1.38 2001/10/22 03:25:01 richard
1758 # Added configuration for:
1759 # . anonymous user access and registration (deny/allow)
1760 # . filter "widget" location on index page (top, bottom, both)
1761 # Updated some documentation.
1762 #
1763 # Revision 1.37 2001/10/21 07:26:35 richard
1764 # feature #473127: Filenames. I modified the file.index and htmltemplate
1765 # source so that the filename is used in the link and the creation
1766 # information is displayed.
1767 #
1768 # Revision 1.36 2001/10/21 04:44:50 richard
1769 # bug #473124: UI inconsistency with Link fields.
1770 # This also prompted me to fix a fairly long-standing usability issue -
1771 # that of being able to turn off certain filters.
1772 #
1773 # Revision 1.35 2001/10/21 00:17:54 richard
1774 # CGI interface view customisation section may now be hidden (patch from
1775 # Roch'e Compaan.)
1776 #
1777 # Revision 1.34 2001/10/20 11:58:48 richard
1778 # Catch errors in login - no username or password supplied.
1779 # Fixed editing of password (Password property type) thanks Roch'e Compaan.
1780 #
1781 # Revision 1.33 2001/10/17 00:18:41 richard
1782 # Manually constructing cookie headers now.
1783 #
1784 # Revision 1.32 2001/10/16 03:36:21 richard
1785 # CGI interface wasn't handling checkboxes at all.
1786 #
1787 # Revision 1.31 2001/10/14 10:55:00 richard
1788 # Handle empty strings in HTML template Link function
1789 #
1790 # Revision 1.30 2001/10/09 07:38:58 richard
1791 # Pushed the base code for the extended schema CGI interface back into the
1792 # code cgi_client module so that future updates will be less painful.
1793 # Also removed a debugging print statement from cgi_client.
1794 #
1795 # Revision 1.29 2001/10/09 07:25:59 richard
1796 # Added the Password property type. See "pydoc roundup.password" for
1797 # implementation details. Have updated some of the documentation too.
1798 #
1799 # Revision 1.28 2001/10/08 00:34:31 richard
1800 # Change message was stuffing up for multilinks with no key property.
1801 #
1802 # Revision 1.27 2001/10/05 02:23:24 richard
1803 # . roundup-admin create now prompts for property info if none is supplied
1804 # on the command-line.
1805 # . hyperdb Class getprops() method may now return only the mutable
1806 # properties.
1807 # . Login now uses cookies, which makes it a whole lot more flexible. We can
1808 # now support anonymous user access (read-only, unless there's an
1809 # "anonymous" user, in which case write access is permitted). Login
1810 # handling has been moved into cgi_client.Client.main()
1811 # . The "extended" schema is now the default in roundup init.
1812 # . The schemas have had their page headings modified to cope with the new
1813 # login handling. Existing installations should copy the interfaces.py
1814 # file from the roundup lib directory to their instance home.
1815 # . Incorrectly had a Bizar Software copyright on the cgitb.py module from
1816 # Ping - has been removed.
1817 # . Fixed a whole bunch of places in the CGI interface where we should have
1818 # been returning Not Found instead of throwing an exception.
1819 # . Fixed a deviation from the spec: trying to modify the 'id' property of
1820 # an item now throws an exception.
1821 #
1822 # Revision 1.26 2001/09/12 08:31:42 richard
1823 # handle cases where mime type is not guessable
1824 #
1825 # Revision 1.25 2001/08/29 05:30:49 richard
1826 # change messages weren't being saved when there was no-one on the nosy list.
1827 #
1828 # Revision 1.24 2001/08/29 04:49:39 richard
1829 # didn't clean up fully after debugging :(
1830 #
1831 # Revision 1.23 2001/08/29 04:47:18 richard
1832 # Fixed CGI client change messages so they actually include the properties
1833 # changed (again).
1834 #
1835 # Revision 1.22 2001/08/17 00:08:10 richard
1836 # reverted back to sending messages always regardless of who is doing the web
1837 # edit. change notes weren't being saved. bleah. hackish.
1838 #
1839 # Revision 1.21 2001/08/15 23:43:18 richard
1840 # Fixed some isFooTypes that I missed.
1841 # Refactored some code in the CGI code.
1842 #
1843 # Revision 1.20 2001/08/12 06:32:36 richard
1844 # using isinstance(blah, Foo) now instead of isFooType
1845 #
1846 # Revision 1.19 2001/08/07 00:24:42 richard
1847 # stupid typo
1848 #
1849 # Revision 1.18 2001/08/07 00:15:51 richard
1850 # Added the copyright/license notice to (nearly) all files at request of
1851 # Bizar Software.
1852 #
1853 # Revision 1.17 2001/08/02 06:38:17 richard
1854 # Roundupdb now appends "mailing list" information to its messages which
1855 # include the e-mail address and web interface address. Templates may
1856 # override this in their db classes to include specific information (support
1857 # instructions, etc).
1858 #
1859 # Revision 1.16 2001/08/02 05:55:25 richard
1860 # Web edit messages aren't sent to the person who did the edit any more. No
1861 # message is generated if they are the only person on the nosy list.
1862 #
1863 # Revision 1.15 2001/08/02 00:34:10 richard
1864 # bleah syntax error
1865 #
1866 # Revision 1.14 2001/08/02 00:26:16 richard
1867 # Changed the order of the information in the message generated by web edits.
1868 #
1869 # Revision 1.13 2001/07/30 08:12:17 richard
1870 # Added time logging and file uploading to the templates.
1871 #
1872 # Revision 1.12 2001/07/30 06:26:31 richard
1873 # Added some documentation on how the newblah works.
1874 #
1875 # Revision 1.11 2001/07/30 06:17:45 richard
1876 # Features:
1877 # . Added ability for cgi newblah forms to indicate that the new node
1878 # should be linked somewhere.
1879 # Fixed:
1880 # . Fixed the agument handling for the roundup-admin find command.
1881 # . Fixed handling of summary when no note supplied for newblah. Again.
1882 # . Fixed detection of no form in htmltemplate Field display.
1883 #
1884 # Revision 1.10 2001/07/30 02:37:34 richard
1885 # Temporary measure until we have decent schema migration...
1886 #
1887 # Revision 1.9 2001/07/30 01:25:07 richard
1888 # Default implementation is now "classic" rather than "extended" as one would
1889 # expect.
1890 #
1891 # Revision 1.8 2001/07/29 08:27:40 richard
1892 # Fixed handling of passed-in values in form elements (ie. during a
1893 # drill-down)
1894 #
1895 # Revision 1.7 2001/07/29 07:01:39 richard
1896 # Added vim command to all source so that we don't get no steenkin' tabs :)
1897 #
1898 # Revision 1.6 2001/07/29 04:04:00 richard
1899 # Moved some code around allowing for subclassing to change behaviour.
1900 #
1901 # Revision 1.5 2001/07/28 08:16:52 richard
1902 # New issue form handles lack of note better now.
1903 #
1904 # Revision 1.4 2001/07/28 00:34:34 richard
1905 # Fixed some non-string node ids.
1906 #
1907 # Revision 1.3 2001/07/23 03:56:30 richard
1908 # oops, missed a config removal
1909 #
1910 # Revision 1.2 2001/07/22 12:09:32 richard
1911 # Final commit of Grande Splite
1912 #
1913 # Revision 1.1 2001/07/22 11:58:35 richard
1914 # More Grande Splite
1915 #
1916 #
1917 # vim: set filetype=python ts=4 sw=4 et si