author | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Tue, 30 Jul 2002 05:27:30 +0000 (05:27 +0000) | ||
committer | richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
Tue, 30 Jul 2002 05:27:30 +0000 (05:27 +0000) |
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@931 57a73879-2fb5-44c3-a270-3262357dd7e2
roundup/cgi_client.py | patch | blob | history | |
roundup/htmltemplate.py | patch | blob | history |
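--- a/roundup/cgi_client.py
+++ b/roundup/cgi_client.py
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 #
-# $Id: cgi_client.py,v 1.145 2002-07-26 08:26:59 richard Exp $
+# $Id: cgi_client.py,v 1.146 2002-07-30 05:27:30 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
 <a href="user%(userid)s">My Details</a> | <a href="logout">Logout</a>
 ''')%locals()
-
 # figure the "add class" links
 if hasattr(self.instance, 'HEADER_ADD_LINKS'):
 classes = self.instance.HEADER_ADD_LINKS
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname}
 w = self.write
 cn = self.classname
 cl = self.db.classes[cn]
 cn = self.classname
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('View', userid, cn):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname}
 cl = self.db.classes[cn]
 if self.form.has_key(':multilink'):
 link = self.form[':multilink'].value
 if [i for i in keys if i[0] != ':']:
 # no dice if you can't edit!
 if not self.db.security.hasPermission('Edit', userid, cn):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'new'+self.classname}
 props = {}
 try:
 nid = self._createnode()
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid, 'user'):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'newuser'}
 cn = self.classname
 cl = self.db.classes[cn]
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid, 'file'):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'newfile'}
 cn = self.classname
 cl = self.db.classes[cn]
 props = parsePropsFromForm(self.db, cl, self.form)
 user = self.db.user
 # get the username of the node being edited
- node_user = user.get(self.nodeid, 'username')
+ try:
+ node_user = user.get(self.nodeid, 'username')
+ except IndexError:
+ raise NotFound, 'user%s'%self.nodeid
 # ok, so we need to be able to edit everything, or be this node's
 # user
 userid = self.db.user.lookup(self.user)
 if (not self.db.security.hasPermission('Edit', userid)
 and self.user != node_user):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname +
+ str(self.nodeid)}
 #
 # perform any editing
 '''
 nodeid = self.nodeid
 cl = self.db.classes[self.classname]
- mime_type = cl.get(nodeid, 'type')
+ try:
+ mime_type = cl.get(nodeid, 'type')
+ except IndexError:
+ raise NotFound, 'file%s'%nodeid
 if mime_type == 'message/rfc822':
 mime_type = 'text/plain'
 self.header(headers={'Content-Type': mime_type})
 ''' display a list of all the classes in the database
 '''
 userid = self.db.user.lookup(self.user)
- if not self.db.security.hasPermission('Edit', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'all classes'}
 self.pagehead(_('Table of classes'), message)
 classnames = self.db.classes.keys()
 def login(self, message=None, newuser_form=None, action='index'):
 '''Display a login page.
 '''
- self.pagehead(_('Login to roundup'), message)
+ self.pagehead(_('Login to roundup'))
+ if message:
+ self.write('<p class="system-msg">%s</p>'%message)
 self.write(_('''
 <table>
 <tr><td colspan=2 class="strong-header">Existing User Login</td></tr>
 # make sure we're allowed to register
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Web Registration', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'registration'}
 # re-open the database as "admin"
 self.opendb('admin')
 self.desired_action = None
 try:
 self.main_action()
- except Unauthorised:
+ except Unauthorised, message:
 self.header(response=403)
 if self.desired_action is None or self.desired_action == 'login':
- self.login() # go to the index after login
+ if not message:
+ message=_("You do not have permission.")
+ # go to the index after login
+ self.login(message=message)
 else:
- self.login(action=self.desired_action)
+ if not message:
+ message=_("You do not have permission to access"\
+ " %(action)s.")%{'action': self.desired_action}
+ self.login(action=self.desired_action, message=message)
 def main_action(self):
 '''Wrap the database accesses so we can close the database cleanly
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.145 2002/07/26 08:26:59 richard
+# Very close now. The cgi and mailgw now use the new security API. The two
+# templates have been migrated to that setup. Lots of unit tests. Still some
+# issue in the web form for editing Roles assigned to users.
+#
 # Revision 1.144 2002/07/25 07:14:05 richard
 # Bugger it. Here's the current shape of the new security implementation.
 # Still to do: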
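Review bot: In the hunk for the class-listing method (docstring "display a list of all the classes in the database"), the line `if not self.db.security.hasPermission('Edit', userid):` is removed together with the old `raise Unauthorised` and is not re-added, so the new `raise Unauthorised, _(...)` appears to run unconditionally and the `self.pagehead(_('Table of classes'), message)` call after it can no longer be reached by any user. Indentation is lost on this page, so this is read from the `-`/`+` markers alone; every other permission hunk in this file keeps its `if` line as context. Restore the guard directly above the new raise: `if not self.db.security.hasPermission('Edit', userid):`. This slip happens to fail closed, but an authorization condition that changes in a message-only edit is worth covering with a test for both the permitted and the denied path. The method's signature and the rest of its body are outside the hunk.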
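--- a/roundup/htmltemplate.py
+++ b/roundup/htmltemplate.py
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 #
-# $Id: htmltemplate.py,v 1.106 2002-07-30 02:41:04 richard Exp $
+# $Id: htmltemplate.py,v 1.107 2002-07-30 05:27:30 richard Exp $
 __doc__ = """
 Template engine.
 will hunt you down.
 """
-import os, re, StringIO, urllib, cgi, errno, types, urllib
+import sys, os, re, StringIO, urllib, cgi, errno, types, urllib
 import hyperdb, date
 from i18n import _
 else:
 if l:
 # there were tests, and we didn't fail any of them so we're OK
- return self.execute_template(ok)
+ if ok:
+ return self.execute_template(ok)
+ else:
+ return ''
 # nope, fail
- return self.execute_template(fail)
+ if fail:
+ return self.execute_template(fail)
+ else:
+ return ''
 #
 # INDEX TEMPLATES
 w('<form onSubmit="return submit_once()" action="%s%s" method="POST" enctype="multipart/form-data">'%(
 self.classname, nodeid))
 s = open(os.path.join(self.templates, self.classname+'.item')).read()
- w(self.execute_template(s))
+ try:
+ w(self.execute_template(s))
+ except:
+ etype = sys.exc_type
+ if type(etype) is types.ClassType:
+ etype = etype.__name__
+ w('<p class="system-msg">%s: %s</p>'%(etype, sys.exc_value))
+ # make sure we don't commit any changes
+ self.db.rollback()
 w('</form>')
 self.clear()
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.106 2002/07/30 02:41:04 richard
+# Removed the confusing, ugly two-column sorting stuff. Column heading clicks
+# now only sort on one column. Nice and simple and obvious.
+#
 # Revision 1.105 2002/07/26 08:26:59 richard
 # Very close now. The cgi and mailgw now use the new security API. The two
 # templates have been migrated to that setup. Lots of unit tests. Still some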
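Review bot: The new handler around `w(self.execute_template(s))` writes `sys.exc_value` into the page with no HTML escaping, so exception text that echoes form or database content is emitted as markup, and internal failure details are shown to whoever requested the item. `cgi` is already imported in this file, so the write can become `w('<p class="system-msg">%s: %s</p>'%(cgi.escape(str(etype)), cgi.escape(str(sys.exc_value))))`, with the full detail kept for a server-side log if one is available. The bare `except:` also traps `KeyboardInterrupt` and `SystemExit`; a preceding `except (KeyboardInterrupt, SystemExit): raise` clause would let those through while still rolling back on template errors. The enclosing method starts and ends outside the hunk.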