~azzar1/unity/add-show-desktop-key : contents of ivle/studpath.py at revision 1274

~azzar1/unity/add-show-desktop-key : (revision 1274)

# IVLE - Informatics Virtual Learning Environment
# Copyright (C) 2007-2008 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

# Module: studpath
# Author: Matt Giuca
# Date:   14/12/2007

# Provides functions for translating URLs into physical locations in the
# student directories in the local file system.
# Also performs common authorization, disallowing students from visiting paths
# they dont own.

import os
import stat
import pysvn

from ivle import util

# Make a Subversion client object (for published)
svnclient = pysvn.Client()

def url_to_local(config, urlpath):
    """Given a URL path (part of a URL query string, see below), returns a
    tuple of
        * the username of the student whose directory is being browsed
        * the absolute path in the file system where that file will be
            found within the student directories.

    urlpath: Part of the URL, but only the part *after* the application. For
    instance, given the URL "/ivle/browse/joe/mydir/myfile", urlpath will
    be just "joe/mydir/myfile". The expected result is something like
    ("joe", "/home/informatics/jails/joe/home/joe/mydir/myfile").
    Note that the actual location is not guaranteed by this interface (this
    function serves as a single point of control as to how URLs map onto
    student directories).

    Returns (None, None) if the path is empty.

    >>> stubconfig = {'paths': {'jails': {'mounts': '/jails'}}}
    >>> url_to_local(stubconfig, '')
    (None, None)
    >>> url_to_local(stubconfig, 'joe/foo/bar/baz')
    ('joe', '/jails/joe/home/joe/foo/bar/baz')
    """

    # First normalise the path
    urlpath = os.path.normpath(urlpath)
    # Now if it begins with ".." or separator, then it's illegal
    if urlpath.startswith("..") or urlpath.startswith(os.sep):
        return (None, None)
    # Note: User can be a group name. There is absolutely no difference in our
    # current directory scheme.
    (user, subpath) = util.split_path(urlpath)
    if user is None: return (None, None)

    # Join the user onto 'home' then the full path specified.
    # This results in the user's name being repeated twice, which is in
    # accordance with our directory scheme.
    # (The first time is the name of the jail, the second is the user's home
    # directory within the jail).
    path = os.path.join(config['paths']['jails']['mounts'],
                        user, 'home', urlpath)

    return (user, path)

def url_to_jailpaths(config, urlpath):
    """Given a URL path (part of a URL query string), returns a tuple of
        * the username of the student whose directory is being browsed
        * the absolute path where the jail will be located.
        * the path of the file relative to the jail.

    urlpath: See urlpath in url_to_local.

    >>> url_to_jailpaths("joe/mydir/myfile")
    ('joe', '/var/lib/ivle/jailmounts/joe', '/home/joe/mydir/myfile')

    >>> url_to_jailpaths("")
    (None, None, None)
    """
    # First normalise the path
    urlpath = os.path.normpath(urlpath)
    # Now if it begins with ".." then it's illegal
    if urlpath.startswith(".."):
        return (None, None, None)
    # Note: User can be a group name. There is absolutely no difference in our
    # current directory scheme.
    (user, subpath) = util.split_path(urlpath)
    if user is None: return (None, None, None)

    jail = os.path.join(config['paths']['jails']['mounts'], user)
    path = to_home_path(urlpath)

    return (user, jail, path)

def to_home_path(urlpath):
    """Given a URL path (eg. joe/foo/bar/baz), returns a path within the home.

    >>> to_home_path('joe/foo/bar/baz')
    '/home/joe/foo/bar/baz'
    """
    return os.path.join('/home', urlpath)

def svnpublished(path):
    """Given a path on the LOCAL file system, determines whether the path has
    its "ivle:published" property active (in subversion). Returns True
    or False."""
    # Read SVN properties for this path
    try:
        props = svnclient.propget("ivle:published", path, recurse=False)
    except pysvn.ClientError:
        # Not under version control? Then it isn't published.
        return False
    return len(props) > 0

def published(path):
    """Given a path on the LOCAL file system, determines whether the path has a 
    '.published' file.  Returns True or False."""
    publish_file_path = os.path.join(path,'.published')
    return os.access(publish_file_path,os.F_OK)

def worldreadable(path):
    """Given a path on the LOCAL file system, determines whether the path is 
    world readble. Returns True or False."""
    try:
        mode = os.stat(path).st_mode
        if mode & stat.S_IROTH:
            return True
        else:
            return False
    except OSError, e:
        return False


def authorize(req, user):
    """Given a request, checks whether req.user is allowed to
    access req.path. Returns None on authorization success. Raises
    HTTP_FORBIDDEN on failure.

    This is for general authorization (assuming not in public mode; this is
    the standard auth code for fileservice, download and serve).
    """
    # TODO: Groups
    # First normalise the path
    urlpath = os.path.normpath(req.path)
    # Now if it begins with ".." or separator, then it's illegal
    if urlpath.startswith("..") or urlpath.startswith(os.sep):
        return False

    (owner, _) = util.split_path(urlpath)
    if user.login != owner:
        return False
    return True

def authorize_public(req):
    """A different kind of authorization. Rather than making sure the
    logged-in user owns the file, this checks if the file is in a published
    directory.

    This is for the "public mode" of the serve app.

    Same interface as "authorize" - None on success, HTTP_FORBIDDEN exception
    raised on failure.
    """
    _, path = url_to_local(req.config, req.path)

    # Walk up the tree, and find the deepest directory.
    while not os.path.isdir(path):
        path = os.path.dirname(path)

    if not (worldreadable(path) and published(path)):
        return False
    return True

1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	1	# IVLE - Informatics Virtual Learning Environment
	2	# Copyright (C) 2007-2008 The University of Melbourne
	3	#
	4	# This program is free software; you can redistribute it and/or modify
	5	# it under the terms of the GNU General Public License as published by
	6	# the Free Software Foundation; either version 2 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU General Public License
	15	# along with this program; if not, write to the Free Software
	16	# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	17
	18	# Module: studpath
	19	# Author: Matt Giuca
	20	# Date: 14/12/2007
	21
	22	# Provides functions for translating URLs into physical locations in the
	23	# student directories in the local file system.
	24	# Also performs common authorization, disallowing students from visiting paths
	25	# they dont own.
	26
	27	import os
	28	import stat
	29	import pysvn
	30
	31	from ivle import util
	32
	33	# Make a Subversion client object (for published)
	34	svnclient = pysvn.Client()
	35
1268 by William Grant Make url_to_local take a config, and test it!	36	def url_to_local(config, urlpath):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	37	"""Given a URL path (part of a URL query string, see below), returns a
	38	tuple of
	39	* the username of the student whose directory is being browsed
	40	* the absolute path in the file system where that file will be
	41	found within the student directories.
	42
	43	urlpath: Part of the URL, but only the part after the application. For
	44	instance, given the URL "/ivle/browse/joe/mydir/myfile", urlpath will
	45	be just "joe/mydir/myfile". The expected result is something like
	46	("joe", "/home/informatics/jails/joe/home/joe/mydir/myfile").
	47	Note that the actual location is not guaranteed by this interface (this
	48	function serves as a single point of control as to how URLs map onto
	49	student directories).
	50
	51	Returns (None, None) if the path is empty.
	52
1268 by William Grant Make url_to_local take a config, and test it!	53	>>> stubconfig = {'paths': {'jails': {'mounts': '/jails'}}}
	54	>>> url_to_local(stubconfig, '')
	55	(None, None)
	56	>>> url_to_local(stubconfig, 'joe/foo/bar/baz')
	57	('joe', '/jails/joe/home/joe/foo/bar/baz')
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	58	"""
1268 by William Grant Make url_to_local take a config, and test it!	59
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	60	# First normalise the path
	61	urlpath = os.path.normpath(urlpath)
	62	# Now if it begins with ".." or separator, then it's illegal
	63	if urlpath.startswith("..") or urlpath.startswith(os.sep):
	64	return (None, None)
	65	# Note: User can be a group name. There is absolutely no difference in our
	66	# current directory scheme.
	67	(user, subpath) = util.split_path(urlpath)
	68	if user is None: return (None, None)
	69
	70	# Join the user onto 'home' then the full path specified.
	71	# This results in the user's name being repeated twice, which is in
	72	# accordance with our directory scheme.
	73	# (The first time is the name of the jail, the second is the user's home
	74	# directory within the jail).
1268 by William Grant Make url_to_local take a config, and test it!	75	path = os.path.join(config['paths']['jails']['mounts'],
	76	user, 'home', urlpath)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	77
	78	return (user, path)
	79
1273 by William Grant Remove ivle.conf usage from ivle.studpath.	80	def url_to_jailpaths(config, urlpath):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	81	"""Given a URL path (part of a URL query string), returns a tuple of
	82	* the username of the student whose directory is being browsed
	83	* the absolute path where the jail will be located.
	84	* the path of the file relative to the jail.
	85
	86	urlpath: See urlpath in url_to_local.
	87
	88	>>> url_to_jailpaths("joe/mydir/myfile")
1099.1.7 by William Grant ivle.studpath.url_to_jailpaths: Fix the doctest to use new paths.	89	('joe', '/var/lib/ivle/jailmounts/joe', '/home/joe/mydir/myfile')
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	90
	91	>>> url_to_jailpaths("")
	92	(None, None, None)
	93	"""
	94	# First normalise the path
	95	urlpath = os.path.normpath(urlpath)
	96	# Now if it begins with ".." then it's illegal
	97	if urlpath.startswith(".."):
	98	return (None, None, None)
	99	# Note: User can be a group name. There is absolutely no difference in our
	100	# current directory scheme.
	101	(user, subpath) = util.split_path(urlpath)
	102	if user is None: return (None, None, None)
	103
1273 by William Grant Remove ivle.conf usage from ivle.studpath.	104	jail = os.path.join(config['paths']['jails']['mounts'], user)
1270 by William Grant Rename to to_home_path, and use it in ivle.interpret.	105	path = to_home_path(urlpath)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	106
	107	return (user, jail, path)
	108
1270 by William Grant Rename to to_home_path, and use it in ivle.interpret.	109	def to_home_path(urlpath):
	110	"""Given a URL path (eg. joe/foo/bar/baz), returns a path within the home.
1269 by William Grant Factor out the in-jail path bits of url_to_jailpaths.	111
1270 by William Grant Rename to to_home_path, and use it in ivle.interpret.	112	>>> to_home_path('joe/foo/bar/baz')
1269 by William Grant Factor out the in-jail path bits of url_to_jailpaths.	113	'/home/joe/foo/bar/baz'
	114	"""
	115	return os.path.join('/home', urlpath)
	116
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	117	def svnpublished(path):
	118	"""Given a path on the LOCAL file system, determines whether the path has
	119	its "ivle:published" property active (in subversion). Returns True
	120	or False."""
	121	# Read SVN properties for this path
	122	try:
	123	props = svnclient.propget("ivle:published", path, recurse=False)
	124	except pysvn.ClientError:
	125	# Not under version control? Then it isn't published.
	126	return False
	127	return len(props) > 0
	128
	129	def published(path):
	130	"""Given a path on the LOCAL file system, determines whether the path has a
	131	'.published' file. Returns True or False."""
	132	publish_file_path = os.path.join(path,'.published')
	133	return os.access(publish_file_path,os.F_OK)
	134
	135	def worldreadable(path):
	136	"""Given a path on the LOCAL file system, determines whether the path is
	137	world readble. Returns True or False."""
	138	try:
	139	mode = os.stat(path).st_mode
	140	if mode & stat.S_IROTH:
	141	return True
	142	else:
	143	return False
	144	except OSError, e:
	145	return False
	146
	147
1099.3.6 by William Grant Move serve over to the new framework. It sort of works, except not.	148	def authorize(req, user):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	149	"""Given a request, checks whether req.user is allowed to
	150	access req.path. Returns None on authorization success. Raises
	151	HTTP_FORBIDDEN on failure.
	152
	153	This is for general authorization (assuming not in public mode; this is
	154	the standard auth code for fileservice, download and serve).
	155	"""
	156	# TODO: Groups
	157	# First normalise the path
	158	urlpath = os.path.normpath(req.path)
	159	# Now if it begins with ".." or separator, then it's illegal
	160	if urlpath.startswith("..") or urlpath.startswith(os.sep):
1099.3.6 by William Grant Move serve over to the new framework. It sort of works, except not.	161	return False
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	162
	163	(owner, _) = util.split_path(urlpath)
1099.3.6 by William Grant Move serve over to the new framework. It sort of works, except not.	164	if user.login != owner:
	165	return False
	166	return True
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	167
	168	def authorize_public(req):
	169	"""A different kind of authorization. Rather than making sure the
	170	logged-in user owns the file, this checks if the file is in a published
	171	directory.
	172
	173	This is for the "public mode" of the serve app.
	174
	175	Same interface as "authorize" - None on success, HTTP_FORBIDDEN exception
	176	raised on failure.
	177	"""
1268 by William Grant Make url_to_local take a config, and test it!	178	_, path = url_to_local(req.config, req.path)
1099.1.148 by William Grant Fix public mode serve authorization to traverse to the deepest directory,	179
	180	# Walk up the tree, and find the deepest directory.
	181	while not os.path.isdir(path):
	182	path = os.path.dirname(path)
	183
	184	if not (worldreadable(path) and published(path)):
1099.3.6 by William Grant Move serve over to the new framework. It sort of works, except not.	185	return False
	186	return True