X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=roundup%2Fcgi_client.py;h=0e446d48c3416eba68af6f936306d1c5e1bed7cd;hb=cd355af47a60fa0ea49b4a42a376066dae1c7716;hp=8e750666710756a9f3e6fee49cd4c8e395a0d40b;hpb=7585df8dd9c10e79a99d3e40d1fd6d5dd48c0d35;p=roundup.git
diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py
index 8e75066..0e446d4 100644
--- a/roundup/cgi_client.py
+++ b/roundup/cgi_client.py
@@ -1,83 +1,187 @@
-# $Id: cgi_client.py,v 1.9 2001-07-30 01:25:07 richard Exp $
+#
+# Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
+# This module is free software, and you may redistribute it and/or modify
+# under the same terms as Python, so long as this copyright message and
+# disclaimer are retained in their original form.
+#
+# IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
+# DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
+# OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
+# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
+# BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
+# SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+#
+# $Id: cgi_client.py,v 1.103 2002-02-20 05:05:28 richard Exp $
-import os, cgi, pprint, StringIO, urlparse, re, traceback
+__doc__ = """
+WWW request handler (also used in the stand-alone server).
+"""
-import roundupdb, htmltemplate, date
+import os, cgi, pprint, StringIO, urlparse, re, traceback, mimetypes
+import binascii, Cookie, time, random
+
+import roundupdb, htmltemplate, date, hyperdb, password
+from roundup.i18n import _
class Unauthorised(ValueError):
pass
+class NotFound(ValueError):
+ pass
+
class Client:
- def __init__(self, out, db, env, user):
- self.out = out
- self.db = db
+ '''
+ A note about login
+ ------------------
+
+ If the user has no login cookie, then they are anonymous. There
+ are two levels of anonymous use. If there is no 'anonymous' user, there
+ is no login at all and the database is opened in read-only mode. If the
+ 'anonymous' user exists, the user is logged in using that user (though
+ there is no cookie). This allows them to modify the database, and all
+ modifications are attributed to the 'anonymous' user.
+ '''
+
+ def __init__(self, instance, request, env, form=None):
+ self.instance = instance
+ self.request = request
self.env = env
- self.user = user
self.path = env['PATH_INFO']
self.split_path = self.path.split('/')
+ if form is None:
+ self.form = cgi.FieldStorage(environ=env)
+ else:
+ self.form = form
self.headers_done = 0
- self.form = cgi.FieldStorage(environ=env)
- self.headers_done = 0
- self.debug = 0
+ try:
+ self.debug = int(env.get("ROUNDUP_DEBUG", 0))
+ except ValueError:
+ # someone gave us a non-int debug level, turn it off
+ self.debug = 0
+
+ def getuid(self):
+ return self.db.user.lookup(self.user)
def header(self, headers={'Content-Type':'text/html'}):
+ '''Put up the appropriate header.
+ '''
if not headers.has_key('Content-Type'):
headers['Content-Type'] = 'text/html'
+ self.request.send_response(200)
for entry in headers.items():
- self.out.write('%s: %s\n'%entry)
- self.out.write('\n')
+ self.request.send_header(*entry)
+ self.request.end_headers()
self.headers_done = 1
+ if self.debug:
+ self.headers_sent = headers
+
+ single_submit_script = '''
+
+'''
def pagehead(self, title, message=None):
- url = self.env['SCRIPT_NAME'] + '/' #self.env.get('PATH_INFO', '/')
+ url = self.env['SCRIPT_NAME'] + '/'
machine = self.env['SERVER_NAME']
port = self.env['SERVER_PORT']
if port != '80': machine = machine + ':' + port
base = urlparse.urlunparse(('http', machine, url, None, None, None))
if message is not None:
- message = '
')
self.write('')
def write(self, content):
if not self.headers_done:
self.header()
- self.out.write(content)
+ self.request.wfile.write(content)
def index_arg(self, arg):
''' handle the args to index - they might be a list from the form
@@ -91,7 +195,7 @@ class Client:
return arg.value.split(',')
return []
- def index_filterspec(self):
+ def index_filterspec(self, filter):
''' pull the index filter spec from the form
Links and multilinks want to be lists - the rest are straight
@@ -102,9 +206,12 @@ class Client:
filterspec = {}
for key in self.form.keys():
if key[0] == ':': continue
+ if not props.has_key(key): continue
+ if key not in filter: continue
prop = props[key]
value = self.form[key]
- if prop.isLinkType or prop.isMultilinkType:
+ if (isinstance(prop, hyperdb.Link) or
+ isinstance(prop, hyperdb.Multilink)):
if type(value) == type([]):
value = [arg.value for arg in value]
else:
@@ -116,33 +223,56 @@ class Client:
filterspec[key] = value.value
return filterspec
+ def customization_widget(self):
+ ''' The customization widget is visible by default. The widget
+ visibility is remembered by show_customization. Visibility
+ is not toggled if the action value is "Redisplay"
+ '''
+ if not self.form.has_key('show_customization'):
+ visible = 1
+ else:
+ visible = int(self.form['show_customization'].value)
+ if self.form.has_key('action'):
+ if self.form['action'].value != 'Redisplay':
+ visible = self.form['action'].value == '+'
+
+ return visible
+
default_index_sort = ['-activity']
default_index_group = ['priority']
- default_index_filter = []
+ default_index_filter = ['status']
default_index_columns = ['id','activity','title','status','assignedto']
default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
def index(self):
''' put up an index
'''
self.classname = 'issue'
- if self.form.has_key(':sort'): sort = self.index_arg(':sort')
- else: sort = self.default_index_sort
- if self.form.has_key(':group'): group = self.index_arg(':group')
- else: group = self.default_index_group
- if self.form.has_key(':filter'): filter = self.index_arg(':filter')
- else: filter = self.default_index_filter
- if self.form.has_key(':columns'): columns = self.index_arg(':columns')
- else: columns = self.default_index_columns
- filterspec = self.index_filterspec()
- if not filterspec:
+ # see if the web has supplied us with any customisation info
+ defaults = 1
+ for key in ':sort', ':group', ':filter', ':columns':
+ if self.form.has_key(key):
+ defaults = 0
+ break
+ if defaults:
+ # no info supplied - use the defaults
+ sort = self.default_index_sort
+ group = self.default_index_group
+ filter = self.default_index_filter
+ columns = self.default_index_columns
filterspec = self.default_index_filterspec
+ else:
+ sort = self.index_arg(':sort')
+ group = self.index_arg(':group')
+ filter = self.index_arg(':filter')
+ columns = self.index_arg(':columns')
+ filterspec = self.index_filterspec(filter)
return self.list(columns=columns, filter=filter, group=group,
sort=sort, filterspec=filterspec)
# XXX deviates from spec - loses the '+' (that's a reserved character
# in URLS
def list(self, sort=None, group=None, filter=None, columns=None,
- filterspec=None):
+ filterspec=None, show_customization=None):
''' call the template index with the args
:sort - sort by prop name, optionally preceeded with '-'
@@ -156,18 +286,101 @@ class Client:
'''
cn = self.classname
- self.pagehead('Index of %s'%cn)
+ cl = self.db.classes[cn]
+ self.pagehead(_('%(instancename)s: Index of %(classname)s')%{
+ 'classname': cn, 'instancename': self.instance.INSTANCE_NAME})
if sort is None: sort = self.index_arg(':sort')
if group is None: group = self.index_arg(':group')
if filter is None: filter = self.index_arg(':filter')
if columns is None: columns = self.index_arg(':columns')
- if filterspec is None: filterspec = self.index_filterspec()
+ if filterspec is None: filterspec = self.index_filterspec(filter)
+ if show_customization is None:
+ show_customization = self.customization_widget()
- htmltemplate.index(self, self.TEMPLATES, self.db, cn, filterspec,
- filter, columns, sort, group)
+ index = htmltemplate.IndexTemplate(self, self.instance.TEMPLATES, cn)
+ try:
+ index.render(filterspec, filter, columns, sort, group,
+ show_customization=show_customization)
+ except htmltemplate.MissingTemplateError:
+ self.basicClassEditPage()
self.pagefoot()
- def showitem(self, message=None):
+ def basicClassEditPage(self):
+ '''Display a basic edit page that allows simple editing of the
+ nodes of the current class
+ '''
+ if self.user != 'admin':
+ raise Unauthorised
+ w = self.write
+ cn = self.classname
+ cl = self.db.classes[cn]
+ props = ['id'] + cl.getprops(protected=0).keys()
+
+ # get the CSV module
+ try:
+ import csv
+ except ImportError:
+ w(_('Sorry, you need the csv module to use this function. \n'
+ 'Get it from: http://www.object-craft.com.au/projects/csv/'))
+ return
+
+ # do the edit
+ if self.form.has_key('rows'):
+ rows = self.form['rows'].value.splitlines()
+ p = csv.parser()
+ idlessprops = props[1:]
+ found = {}
+ for row in rows:
+ values = p.parse(row)
+ # not a complete row, keep going
+ if not values: continue
+
+ # extract the nodeid
+ nodeid, values = values[0], values[1:]
+ found[nodeid] = 1
+
+ # extract the new values
+ d = {}
+ for name, value in zip(idlessprops, values):
+ d[name] = value.strip()
+
+ # perform the edit
+ if cl.hasnode(nodeid):
+ # edit existing
+ cl.set(nodeid, **d)
+ else:
+ # new node
+ found[cl.create(**d)] = 1
+
+ # retire the removed entries
+ for nodeid in cl.list():
+ if not found.has_key(nodeid):
+ cl.retire(nodeid)
+
+ w(_('''
'%(cn, cn.capitalize()))
for key, value in cl.properties.items():
if value is None: value = ''
else: value = str(value)
@@ -465,35 +834,911 @@ class Client:
else:
raise Unauthorised
- def main(self, dre=re.compile(r'([^\d]+)(\d+)'), nre=re.compile(r'new(\w+)')):
+ def login(self, message=None, newuser_form=None, action='index'):
+ '''Display a login page.
+ '''
+ self.pagehead(_('Login to roundup'), message)
+ self.write(_('''
+
+
Existing User Login
+
+''')%locals())
+ if self.user is None and self.instance.ANONYMOUS_REGISTER == 'deny':
+ self.write('
')
+ self.pagefoot()
+ return
+ values = {'realname': '', 'organisation': '', 'address': '',
+ 'phone': '', 'username': '', 'password': '', 'confirm': '',
+ 'action': action, 'alternate_addresses': ''}
+ if newuser_form is not None:
+ for key in newuser_form.keys():
+ values[key] = newuser_form[key].value
+ self.write(_('''
+
+
New User Registration
+
marked items are optional...
+
+
+''')%values)
+ self.pagefoot()
+
+ def login_action(self, message=None):
+ '''Attempt to log a user in and set the cookie
+
+ returns 0 if a page is generated as a result of this call, and
+ 1 if not (ie. the login is successful
+ '''
+ if not self.form.has_key('__login_name'):
+ self.login(message=_('Username required'))
+ return 0
+ self.user = self.form['__login_name'].value
+ if self.form.has_key('__login_password'):
+ password = self.form['__login_password'].value
+ else:
+ password = ''
+ # make sure the user exists
+ try:
+ uid = self.db.user.lookup(self.user)
+ except KeyError:
+ name = self.user
+ self.make_user_anonymous()
+ action = self.form['__destination_url'].value
+ self.login(message=_('No such user "%(name)s"')%locals(),
+ action=action)
+ return 0
+
+ # and that the password is correct
+ pw = self.db.user.get(uid, 'password')
+ if password != pw:
+ self.make_user_anonymous()
+ action = self.form['__destination_url'].value
+ self.login(message=_('Incorrect password'), action=action)
+ return 0
+
+ self.set_cookie(self.user, password)
+ return 1
+
+ def newuser_action(self, message=None):
+ '''Attempt to create a new user based on the contents of the form
+ and then set the cookie.
+
+ return 1 on successful login
+ '''
+ # re-open the database as "admin"
+ self.db = self.instance.open('admin')
+
+ # TODO: pre-check the required fields and username key property
+ cl = self.db.user
+ try:
+ props = parsePropsFromForm(self.db, cl, self.form)
+ uid = cl.create(**props)
+ except ValueError, message:
+ action = self.form['__destination_url'].value
+ self.login(message, action=action)
+ return 0
+ self.user = cl.get(uid, 'username')
+ password = cl.get(uid, 'password')
+ self.set_cookie(self.user, self.form['password'].value)
+ return 1
+
+ def set_cookie(self, user, password):
+ # construct the cookie
+ user = binascii.b2a_base64('%s:%s'%(user, password)).strip()
+ if user[-1] == '=':
+ if user[-2] == '=':
+ user = user[:-2]
+ else:
+ user = user[:-1]
+ expire = Cookie._getdate(86400*365)
+ path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME']))
+ self.header({'Set-Cookie': 'roundup_user=%s; expires=%s; Path=%s;' % (
+ user, expire, path)})
+
+ def make_user_anonymous(self):
+ # make us anonymous if we can
+ try:
+ self.db.user.lookup('anonymous')
+ self.user = 'anonymous'
+ except KeyError:
+ self.user = None
+
+ def logout(self, message=None):
+ self.make_user_anonymous()
+ # construct the logout cookie
+ now = Cookie._getdate()
+ path = '/'.join((self.env['SCRIPT_NAME'], self.env['INSTANCE_NAME']))
+ self.header({'Set-Cookie':
+ 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now,
+ path)})
+ self.login()
+
+ def main(self):
+ '''Wrap the database accesses so we can close the database cleanly
+ '''
+ # determine the uid to use
+ self.db = self.instance.open('admin')
+ cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
+ user = 'anonymous'
+ if (cookie.has_key('roundup_user') and
+ cookie['roundup_user'].value != 'deleted'):
+ cookie = cookie['roundup_user'].value
+ if len(cookie)%4:
+ cookie = cookie + '='*(4-len(cookie)%4)
+ try:
+ user, password = binascii.a2b_base64(cookie).split(':')
+ except (TypeError, binascii.Error, binascii.Incomplete):
+ # damaged cookie!
+ user, password = 'anonymous', ''
+
+ # make sure the user exists
+ try:
+ uid = self.db.user.lookup(user)
+ # now validate the password
+ if password != self.db.user.get(uid, 'password'):
+ user = 'anonymous'
+ except KeyError:
+ user = 'anonymous'
+
+ # make sure the anonymous user is valid if we're using it
+ if user == 'anonymous':
+ self.make_user_anonymous()
+ else:
+ self.user = user
+
+ # re-open the database for real, using the user
+ self.db = self.instance.open(self.user)
+
+ # now figure which function to call
path = self.split_path
+
+ # default action to index if the path has no information in it
if not path or path[0] in ('', 'index'):
- self.index()
- elif len(path) == 1:
- if path[0] == 'list_classes':
- self.classes()
+ action = 'index'
+ else:
+ action = path[0]
+
+ # Everthing ignores path[1:]
+ # - The file download link generator actually relies on this - it
+ # appends the name of the file to the URL so the download file name
+ # is correct, but doesn't actually use it.
+
+ # everyone is allowed to try to log in
+ if action == 'login_action':
+ # try to login
+ if not self.login_action():
return
- m = dre.match(path[0])
- if m:
- self.classname = m.group(1)
- self.nodeid = m.group(2)
- getattr(self, 'show%s'%self.classname)()
+ # figure the resulting page
+ action = self.form['__destination_url'].value
+ if not action:
+ action = 'index'
+ self.do_action(action)
+ return
+
+ # allow anonymous people to register
+ if action == 'newuser_action':
+ # if we don't have a login and anonymous people aren't allowed to
+ # register, then spit up the login form
+ if self.instance.ANONYMOUS_REGISTER == 'deny' and self.user is None:
+ if action == 'login':
+ self.login() # go to the index after login
+ else:
+ self.login(action=action)
return
- m = nre.match(path[0])
- if m:
- self.classname = m.group(1)
- getattr(self, 'new%s'%self.classname)()
+ # try to add the user
+ if not self.newuser_action():
return
- self.classname = path[0]
- self.list()
+ # figure the resulting page
+ action = self.form['__destination_url'].value
+ if not action:
+ action = 'index'
+
+ # no login or registration, make sure totally anonymous access is OK
+ elif self.instance.ANONYMOUS_ACCESS == 'deny' and self.user is None:
+ if action == 'login':
+ self.login() # go to the index after login
+ else:
+ self.login(action=action)
+ return
+
+ # just a regular action
+ self.do_action(action)
+
+ # commit all changes to the database
+ self.db.commit()
+
+ def do_action(self, action, dre=re.compile(r'([^\d]+)(\d+)'),
+ nre=re.compile(r'new(\w+)')):
+ '''Figure the user's action and do it.
+ '''
+ # here be the "normal" functionality
+ if action == 'index':
+ self.index()
+ return
+ if action == 'list_classes':
+ self.classes()
+ return
+ if action == 'login':
+ self.login()
+ return
+ if action == 'logout':
+ self.logout()
+ return
+
+ # see if we're to display an existing node
+ m = dre.match(action)
+ if m:
+ self.classname = m.group(1)
+ self.nodeid = m.group(2)
+ try:
+ cl = self.db.classes[self.classname]
+ except KeyError:
+ raise NotFound
+ try:
+ cl.get(self.nodeid, 'id')
+ except IndexError:
+ raise NotFound
+ try:
+ func = getattr(self, 'show%s'%self.classname)
+ except AttributeError:
+ raise NotFound
+ func()
+ return
+
+ # see if we're to put up the new node page
+ m = nre.match(action)
+ if m:
+ self.classname = m.group(1)
+ try:
+ func = getattr(self, 'new%s'%self.classname)
+ except AttributeError:
+ raise NotFound
+ func()
+ return
+
+ # otherwise, display the named class
+ self.classname = action
+ try:
+ self.db.getclass(self.classname)
+ except KeyError:
+ raise NotFound
+ self.list()
+
+
+class ExtendedClient(Client):
+ '''Includes pages and page heading information that relate to the
+ extended schema.
+ '''
+ showsupport = Client.shownode
+ showtimelog = Client.shownode
+ newsupport = Client.newnode
+ newtimelog = Client.newnode
+
+ default_index_sort = ['-activity']
+ default_index_group = ['priority']
+ default_index_filter = ['status']
+ default_index_columns = ['activity','status','title','assignedto']
+ default_index_filterspec = {'status': ['1', '2', '3', '4', '5', '6', '7']}
+
+ def pagehead(self, title, message=None):
+ url = self.env['SCRIPT_NAME'] + '/' #self.env.get('PATH_INFO', '/')
+ machine = self.env['SERVER_NAME']
+ port = self.env['SERVER_PORT']
+ if port != '80': machine = machine + ':' + port
+ base = urlparse.urlunparse(('http', machine, url, None, None, None))
+ if message is not None:
+ message = _('
%(message)s
')%locals()
+ else:
+ message = ''
+ style = open(os.path.join(self.instance.TEMPLATES, 'style.css')).read()
+ user_name = self.user or ''
+ if self.user == 'admin':
+ admin_links = _(' | Class List' \
+ ' | User List' \
+ ' | Add User')
+ else:
+ admin_links = ''
+ if self.user not in (None, 'anonymous'):
+ userid = self.db.user.lookup(self.user)
+ user_info = _('''
+My Issues |
+My Support |
+My Details | Logout
+''')%locals()
else:
- raise 'ValueError', 'Path not understood'
+ user_info = _('Login')
+ if self.user is not None:
+ add_links = _('''
+| Add
+Issue,
+Support,
+''')
+ else:
+ add_links = ''
+ single_submit_script = self.single_submit_script
+ self.write(_('''
+%(title)s
+
+
+%(single_submit_script)s
+
+%(message)s
+