![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 663f0c764d429ce0dd22d043b182907768dbbc3a..a2e1e1ee03e7c49937ddadc23ae04a047dca56bf 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
-# $Id: client.py,v 1.15 2002-09-05 23:39:12 richard Exp $
+# $Id: client.py,v 1.42 2002-09-25 02:10:25 richard Exp $
__doc__ = """
WWW request handler (also used in the stand-alone server).
from roundup import roundupdb, date, hyperdb, password
from roundup.i18n import _
-from roundup.cgi.templating import getTemplate, HTMLRequest
+from roundup.cgi.templating import Templates, HTMLRequest, NoTemplate
from roundup.cgi import cgitb
-from PageTemplates import PageTemplate
+from roundup.cgi.PageTemplates import PageTemplate
class Unauthorised(ValueError):
pass
keeps the nodeid of the session as the "session" attribute.
Client attributes:
- "url" is the current url path
- "path" is the PATH_INFO inside the instance
+ "path" is the PATH_INFO inside the instance (with no leading '/')
"base" is the base URL for the instance
'''
self.request = request
self.env = env
+ # save off the path
self.path = env['PATH_INFO']
- self.split_path = self.path.split('/')
- self.instance_path_name = env['INSTANCE_NAME']
# this is the base URL for this instance
- url = self.env['SCRIPT_NAME'] + '/' + self.instance_path_name
- self.base = urlparse.urlunparse(('http', env['HTTP_HOST'], url,
- None, None, None))
-
- # request.path is the full request path
- x, x, path, x, x, x = urlparse.urlparse(request.path)
- self.url = urlparse.urlunparse(('http', env['HTTP_HOST'], path,
- None, None, None))
+ self.base = self.instance.config.TRACKER_WEB
+ # see if we need to re-parse the environment for the form (eg Zope)
if form is None:
self.form = cgi.FieldStorage(environ=env)
else:
self.form = form
- self.headers_done = 0
+
+ # turn debugging on/off
try:
self.debug = int(env.get("ROUNDUP_DEBUG", 0))
except ValueError:
# someone gave us a non-int debug level, turn it off
self.debug = 0
+ # flag to indicate that the HTTP headers have been sent
+ self.headers_done = 0
+
+ # additional headers to send with the request - must be registered
+ # before the first write
+ self.additional_headers = {}
+ self.response_code = 200
+
def main(self):
+ ''' Wrap the real main in a try/finally so we always close off the db.
+ '''
+ try:
+ self.inner_main()
+ finally:
+ if hasattr(self, 'db'):
+ self.db.close()
+
+ def inner_main(self):
''' Process a request.
The most common requests are handled like so:
# and self.template, and may also append error/ok_messages)
self.handle_action()
# now render the page
- if self.form.has_key(':contentonly'):
- # just the content
- self.write(self.content())
- else:
- # render the content inside the page template
- self.write(self.renderTemplate('page', '',
- ok_message=self.ok_message,
- error_message=self.error_message))
+
+ # we don't want clients caching our dynamic pages
+ self.additional_headers['Cache-Control'] = 'no-cache'
+ self.additional_headers['Pragma'] = 'no-cache'
+ self.additional_headers['Expires'] = 'Thu, 1 Jan 1970 00:00:00 GMT'
+
+ # render the content
+ self.write(self.renderContext())
except Redirect, url:
# let's redirect - if the url isn't None, then we need to do
# the headers, otherwise the headers have been set before the
# exception was raised
if url:
- self.header({'Location': url}, response=302)
+ self.additional_headers['Location'] = url
+ self.response_code = 302
+ self.write('Redirecting to <a href="%s">%s</a>'%(url, url))
except SendFile, designator:
self.serve_file(designator)
except SendStaticFile, file:
self.nodeid = None
# determine the classname and possibly nodeid
- path = self.split_path
+ path = self.path.split('/')
if not path or path[0] in ('', 'home', 'index'):
if self.form.has_key(':template'):
self.template = self.form[':template'].value
if m:
self.classname = m.group(1)
self.nodeid = m.group(2)
+ if not self.db.getclass(self.classname).hasnode(self.nodeid):
+ raise NotFound, '%s/%s'%(self.classname, self.nodeid)
# with a designator, we default to item view
self.template = 'item'
else:
if self.form.has_key(':template'):
self.template = self.form[':template'].value
-
# see if we were passed in a message
if self.form.has_key(':ok_message'):
self.ok_message.append(self.form[':ok_message'].value)
# we just want to serve up the file named
file = self.db.file
- self.header({'Content-Type': file.get(nodeid, 'type')})
+ self.additional_headers['Content-Type'] = file.get(nodeid, 'type')
self.write(file.get(nodeid, 'content'))
def serve_static_file(self, file):
# we just want to serve up the file named
mt = mimetypes.guess_type(str(file))[0]
- self.header({'Content-Type': mt})
- self.write(open(os.path.join(self.instance.TEMPLATES, file)).read())
+ self.additional_headers['Content-Type'] = mt
+ self.write(open(os.path.join(self.instance.config.TEMPLATES,
+ file)).read())
- def renderTemplate(self, name, extension, **kwargs):
+ def renderContext(self):
''' Return a PageTemplate for the named page
'''
- pt = getTemplate(self.instance.TEMPLATES, name, extension)
- # XXX handle PT rendering errors here more nicely
+ name = self.classname
+ extension = self.template
+ pt = Templates(self.instance.config.TEMPLATES).get(name, extension)
+
+ # catch errors so we can handle PT rendering errors more nicely
+ args = {
+ 'ok_message': self.ok_message,
+ 'error_message': self.error_message
+ }
try:
# let the template render figure stuff out
- return pt.render(self, None, None, **kwargs)
- except PageTemplate.PTRuntimeError, message:
- return '<strong>%s</strong><ol>%s</ol>'%(message,
- '<li>'.join(pt._v_errors))
+ return pt.render(self, None, None, **args)
+ except NoTemplate, message:
+ return '<strong>%s</strong>'%message
except:
# everything else
- return cgitb.html()
-
- def content(self):
- ''' Callback used by the page template to render the content of
- the page.
-
- If we don't have a specific class to display, that is none was
- determined in determine_context(), then we display a "home"
- template.
- '''
- # now render the page content using the template we determined in
- # determine_context
- if self.classname is None:
- name = 'home'
- else:
- name = self.classname
- return self.renderTemplate(self.classname, self.template)
+ return cgitb.pt_html()
# these are the actions that are available
- actions = {
- 'edit': 'editItemAction',
- 'editCSV': 'editCSVAction',
- 'new': 'newItemAction',
- 'register': 'registerAction',
- 'login': 'login_action',
- 'logout': 'logout_action',
- 'search': 'searchAction',
- }
+ actions = (
+ ('edit', 'editItemAction'),
+ ('editCSV', 'editCSVAction'),
+ ('new', 'newItemAction'),
+ ('register', 'registerAction'),
+ ('login', 'loginAction'),
+ ('logout', 'logout_action'),
+ ('search', 'searchAction'),
+ )
def handle_action(self):
''' Determine whether there should be an _action called.
The action is defined by the form variable :action which
identifies the method on this object to call. The four basic
- actions are defined in the "actions" dictionary on this class:
+ actions are defined in the "actions" sequence on this class:
"edit" -> self.editItemAction
"new" -> self.newItemAction
"register" -> self.registerAction
- "login" -> self.login_action
+ "login" -> self.loginAction
"logout" -> self.logout_action
"search" -> self.searchAction
try:
# get the action, validate it
action = self.form[':action'].value
- if not self.actions.has_key(action):
+ for name, method in self.actions:
+ if name == action:
+ break
+ else:
raise ValueError, 'No such action "%s"'%action
# call the mapped action
- getattr(self, self.actions[action])()
+ getattr(self, method)()
except Redirect:
raise
+ except Unauthorised:
+ raise
except:
self.db.rollback()
s = StringIO.StringIO()
self.header()
self.request.wfile.write(content)
- def header(self, headers=None, response=200):
+ def header(self, headers=None, response=None):
'''Put up the appropriate header.
'''
if headers is None:
headers = {'Content-Type':'text/html'}
+ if response is None:
+ response = self.response_code
+
+ # update with additional info
+ headers.update(self.additional_headers)
+
if not headers.has_key('Content-Type'):
headers['Content-Type'] = 'text/html'
self.request.send_response(response)
def set_cookie(self, user, password):
# TODO generate a much, much stronger session key ;)
- self.session = binascii.b2a_base64(repr(time.time())).strip()
+ self.session = binascii.b2a_base64(repr(random.random())).strip()
# clean up the base64
if self.session[-1] == '=':
expire = Cookie._getdate(86400*365)
# generate the cookie path - make sure it has a trailing '/'
- path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
+ path = '/'.join((self.env['SCRIPT_NAME'], self.env['TRACKER_NAME'],
''))
- self.header({'Set-Cookie': 'roundup_user_2=%s; expires=%s; Path=%s;'%(
- self.session, expire, path)})
+ self.additional_headers['Set-Cookie'] = \
+ 'roundup_user_2=%s; expires=%s; Path=%s;'%(self.session, expire, path)
def make_user_anonymous(self):
''' Make us anonymous
self.userid = self.db.user.lookup('anonymous')
self.user = 'anonymous'
- def logout(self):
- ''' Make us really anonymous - nuke the cookie too
- '''
- self.make_user_anonymous()
-
- # construct the logout cookie
- now = Cookie._getdate()
- path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
- ''))
- self.header({'Set-Cookie':
- 'roundup_user_2=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
- path)})
- self.login()
-
def opendb(self, user):
''' Open the database.
'''
# open the db if the user has changed
if not hasattr(self, 'db') or user != self.db.journaltag:
+ if hasattr(self, 'db'):
+ self.db.close()
self.db = self.instance.open(user)
#
# Actions
#
- def login_action(self):
- ''' Attempt to log a user in and set the cookie
+ def loginAction(self):
+ ''' Attempt to log a user in.
+
+ Sets up a session for the user which contains the login
+ credentials.
'''
# we need the username at a minimum
if not self.form.has_key('__login_name'):
self.error_message.append(_('Incorrect password'))
return
+ # make sure we're allowed to be here
+ if not self.loginPermission():
+ self.make_user_anonymous()
+ raise Unauthorised, _("You do not have permission to login")
+
# set the session cookie
self.set_cookie(self.user, password)
+ def loginPermission(self):
+ ''' Determine whether the user has permission to log in.
+
+ Base behaviour is to check the user has "Web Access".
+ '''
+ if not self.db.security.hasPermission('Web Access', self.userid):
+ return 0
+ return 1
+
def logout_action(self):
''' Make us really anonymous - nuke the cookie too
'''
# construct the logout cookie
now = Cookie._getdate()
- path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME'],
+ path = '/'.join((self.env['SCRIPT_NAME'], self.env['TRACKER_NAME'],
''))
- self.header(headers={'Set-Cookie':
- 'roundup_user_2=deleted; Max-Age=0; expires=%s; Path=%s;'%(now, path)})
+ self.additional_headers['Set-Cookie'] = \
+ 'roundup_user_2=deleted; Max-Age=0; expires=%s; Path=%s;'%(now, path)
# Let the user know what's going on
self.ok_message.append(_('You are logged out'))
cl = self.db.user
try:
props = parsePropsFromForm(self.db, cl, self.form)
- props['roles'] = self.instance.NEW_WEB_USER_ROLES
+ props['roles'] = self.instance.config.NEW_WEB_USER_ROLES
self.userid = cl.create(**props)
self.db.commit()
except ValueError, message:
self.error_message.append(message)
+ return
# log the new user in
self.user = cl.get(self.userid, 'username')
self.set_cookie(self.user, password)
# nice message
- self.ok_message.append(_('You are now registered, welcome!'))
+ message = _('You are now registered, welcome!')
+
+ # redirect to the item's edit page
+ raise Redirect, '%s%s%s?:ok_message=%s'%(
+ self.base, self.classname, self.userid, urllib.quote(message))
def registerPermission(self, props):
''' Determine whether the user has permission to register
:multilink=designator:property
The value specifies a node designator and the property on that
node to add _this_ node to as a link or multilink.
- __note
+ :note
Create a message and attach it to the current node's
"messages" property.
- __file
+ :file
Create a file and attach it to the current node's
"files" property. Attach the file to the message created from
- the __note if it's supplied.
+ the :note if it's supplied.
:required=property,property,...
The named properties are required to be filled in the form.
if props:
message = _('%(changes)s edited ok')%{'changes':
', '.join(props.keys())}
- elif self.form.has_key('__note') and self.form['__note'].value:
+ elif self.form.has_key(':note') and self.form[':note'].value:
message = _('note added')
- elif (self.form.has_key('__file') and self.form['__file'].filename):
+ elif (self.form.has_key(':file') and self.form[':file'].filename):
message = _('file added')
else:
message = _('nothing changed')
# redirect to the item's edit page
- raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, self.classname,
+ raise Redirect, '%s%s%s?:ok_message=%s'%(self.base, self.classname,
self.nodeid, urllib.quote(message))
def editItemPermission(self, props):
return
# redirect to the new item's page
- raise Redirect, '%s/%s%s?:ok_message=%s'%(self.base, self.classname,
+ raise Redirect, '%s%s%s?:ok_message=%s'%(self.base, self.classname,
nid, urllib.quote(message))
def newItemPermission(self, props):
# commit the query change to the database
self.db.commit()
-
def searchPermission(self):
''' Determine whether the user has permission to search this class.
return 0
return 1
- def XXXremove_action(self, dre=re.compile(r'([^\d]+)(\d+)')):
+ def remove_action(self, dre=re.compile(r'([^\d]+)(\d+)')):
# XXX I believe this could be handled by a regular edit action that
# just sets the multilink...
- # XXX handle this !
target = self.index_arg(':target')[0]
m = dre.match(target)
if m:
'''
# handle file attachments
files = []
- if self.form.has_key('__file'):
- file = self.form['__file']
+ if self.form.has_key(':file'):
+ file = self.form[':file']
if file.filename:
filename = file.filename.split('\\')[-1]
mime_type = mimetypes.guess_type(filename)[0]
note = None
# in a nutshell, don't do anything if there's no note or there's no
# NOSY
- if self.form.has_key('__note'):
- note = self.form['__note'].value.strip()
+ if self.form.has_key(':note'):
+ note = self.form[':note'].value.strip()
if not note:
return None, files
if not props.has_key('messages'):
# handle the messageid
# TODO: handle inreplyto
messageid = "<%s.%s.%s@%s>"%(time.time(), random.random(),
- self.classname, self.instance.MAIL_DOMAIN)
+ self.classname, self.instance.config.MAIL_DOMAIN)
# now create the message, attaching the files
content = '\n'.join(m)
which issue to link the file to.
TODO: I suspect that this and newfile will go away now that
- there's the ability to upload a file using the issue __file form
+ there's the ability to upload a file using the issue :file form
element!
'''
cn = self.classname
props = {}
keys = form.keys()
+ properties = cl.getprops()
for key in keys:
- if not cl.properties.has_key(key):
+ if not properties.has_key(key):
continue
- proptype = cl.properties[key]
+ proptype = properties[key]
# Get the form value. This value may be a MiniFieldStorage or a list
# of MiniFieldStorages.
value = value.value.strip()
if isinstance(proptype, hyperdb.String):
- pass
- value = form[key].value.strip()
+ if not value:
+ continue
elif isinstance(proptype, hyperdb.Password):
if not value:
# ignore empty password values
continue
+ if not form.has_key('%s:confirm'%key):
+ raise ValueError, 'Password and confirmation text do not match'
+ confirm = form['%s:confirm'%key]
+ if isinstance(confirm, type([])):
+ raise ValueError, 'You have submitted more than one value'\
+ ' for the %s property'%key
+ if value != confirm.value:
+ raise ValueError, 'Password and confirmation text do not match'
value = password.Password(value)
elif isinstance(proptype, hyperdb.Date):
if value:
value = date.Date(form[key].value.strip())
else:
- value = None
+ continue
elif isinstance(proptype, hyperdb.Interval):
if value:
value = date.Interval(form[key].value.strip())
else:
- value = None
+ continue
elif isinstance(proptype, hyperdb.Link):
# see if it's the "no selection" choice
if value == '-1':
- value = None
- else:
- # handle key values
- link = cl.properties[key].classname
- if not num_re.match(value):
- try:
- value = db.classes[link].lookup(value)
- except KeyError:
- raise ValueError, _('property "%(propname)s": '
- '%(value)s not a %(classname)s')%{'propname':key,
- 'value': value, 'classname': link}
+ continue
+ # handle key values
+ link = proptype.classname
+ if not num_re.match(value):
+ try:
+ value = db.classes[link].lookup(value)
+ except KeyError:
+ raise ValueError, _('property "%(propname)s": '
+ '%(value)s not a %(classname)s')%{'propname':key,
+ 'value': value, 'classname': link}
+ except TypeError, message:
+ raise ValueError, _('you may only enter ID values '
+ 'for property "%(propname)s": %(message)s')%{
+ 'propname':key, 'message': message}
elif isinstance(proptype, hyperdb.Multilink):
if isinstance(value, type([])):
# it's a list of MiniFieldStorages
# it's a MiniFieldStorage, but may be a comma-separated list
# of values
value = [i.strip() for i in value.value.split(',')]
- link = cl.properties[key].classname
+ link = proptype.classname
l = []
for entry in map(str, value):
if entry == '': continue
raise ValueError, _('property "%(propname)s": '
'"%(value)s" not an entry of %(classname)s')%{
'propname':key, 'value': entry, 'classname': link}
+ except TypeError, message:
+ raise ValueError, _('you may only enter ID values '
+ 'for property "%(propname)s": %(message)s')%{
+ 'propname':key, 'message': message}
l.append(entry)
l.sort()
value = l
elif isinstance(proptype, hyperdb.Number):
props[key] = value = int(value)
+ # register this as received if required
+ if key in required:
+ required.remove(key)
+
# get the old value
if nodeid:
try:
except KeyError:
# this might be a new property for which there is no existing
# value
- if not cl.properties.has_key(key): raise
+ if not properties.has_key(key): raise
# if changed, set it
if value != existing:
props[key] = value
# see if all the required properties have been supplied
- l = []
- for property in required:
- if not props.has_key(property):
- l.append(property)
- if l:
- raise ValueError, 'Required properties %s not supplied'%(', '.join(l))
+ if required:
+ if len(required) > 1:
+ p = 'properties'
+ else:
+ p = 'property'
+ raise ValueError, 'Required %s %s not supplied'%(p, ', '.join(required))
return props