1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2008 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22
# Provides functions for translating URLs into physical locations in the
23
# student directories in the local file system.
24
# Also performs common authorization, disallowing students from visiting paths
33
# Make a Subversion client object (for published)
34
svnclient = pysvn.Client()
36
def url_to_local(config, urlpath):
37
"""Given a URL path (part of a URL query string, see below), returns a
39
* the username of the student whose directory is being browsed
40
* the absolute path in the file system where that file will be
41
found within the student directories.
43
urlpath: Part of the URL, but only the part *after* the application. For
44
instance, given the URL "/ivle/browse/joe/mydir/myfile", urlpath will
45
be just "joe/mydir/myfile". The expected result is something like
46
("joe", "/home/informatics/jails/joe/home/joe/mydir/myfile").
47
Note that the actual location is not guaranteed by this interface (this
48
function serves as a single point of control as to how URLs map onto
51
Returns (None, None) if the path is empty.
53
>>> stubconfig = {'paths': {'jails': {'mounts': '/jails'}}}
54
>>> url_to_local(stubconfig, '')
56
>>> url_to_local(stubconfig, 'joe/foo/bar/baz')
57
('joe', '/jails/joe/home/joe/foo/bar/baz')
60
# First normalise the path
61
urlpath = os.path.normpath(urlpath)
62
# Now if it begins with ".." or separator, then it's illegal
63
if urlpath.startswith("..") or urlpath.startswith(os.sep):
65
# Note: User can be a group name. There is absolutely no difference in our
66
# current directory scheme.
67
(user, subpath) = util.split_path(urlpath)
68
if user is None: return (None, None)
70
# Join the user onto 'home' then the full path specified.
71
# This results in the user's name being repeated twice, which is in
72
# accordance with our directory scheme.
73
# (The first time is the name of the jail, the second is the user's home
74
# directory within the jail).
75
path = os.path.join(config['paths']['jails']['mounts'],
76
user, 'home', urlpath)
80
def url_to_jailpaths(config, urlpath):
81
"""Given a URL path (part of a URL query string), returns a tuple of
82
* the username of the student whose directory is being browsed
83
* the absolute path where the jail will be located.
84
* the path of the file relative to the jail.
86
urlpath: See urlpath in url_to_local.
88
>>> url_to_jailpaths("joe/mydir/myfile")
89
('joe', '/var/lib/ivle/jailmounts/joe', '/home/joe/mydir/myfile')
91
>>> url_to_jailpaths("")
94
# First normalise the path
95
urlpath = os.path.normpath(urlpath)
96
# Now if it begins with ".." then it's illegal
97
if urlpath.startswith(".."):
98
return (None, None, None)
99
# Note: User can be a group name. There is absolutely no difference in our
100
# current directory scheme.
101
(user, subpath) = util.split_path(urlpath)
102
if user is None: return (None, None, None)
104
jail = os.path.join(config['paths']['jails']['mounts'], user)
105
path = to_home_path(urlpath)
107
return (user, jail, path)
109
def to_home_path(urlpath):
110
"""Given a URL path (eg. joe/foo/bar/baz), returns a path within the home.
112
>>> to_home_path('joe/foo/bar/baz')
113
'/home/joe/foo/bar/baz'
115
return os.path.join('/home', urlpath)
117
def svnpublished(path):
118
"""Given a path on the LOCAL file system, determines whether the path has
119
its "ivle:published" property active (in subversion). Returns True
121
# Read SVN properties for this path
123
props = svnclient.propget("ivle:published", path, recurse=False)
124
except pysvn.ClientError:
125
# Not under version control? Then it isn't published.
127
return len(props) > 0
130
"""Given a path on the LOCAL file system, determines whether the path has a
131
'.published' file. Returns True or False."""
132
publish_file_path = os.path.join(path,'.published')
133
return os.access(publish_file_path,os.F_OK)
135
def worldreadable(path):
136
"""Given a path on the LOCAL file system, determines whether the path is
137
world readble. Returns True or False."""
139
mode = os.stat(path).st_mode
140
if mode & stat.S_IROTH:
148
def authorize(req, user):
149
"""Given a request, checks whether req.user is allowed to
150
access req.path. Returns None on authorization success. Raises
151
HTTP_FORBIDDEN on failure.
153
This is for general authorization (assuming not in public mode; this is
154
the standard auth code for fileservice, download and serve).
157
# First normalise the path
158
urlpath = os.path.normpath(req.path)
159
# Now if it begins with ".." or separator, then it's illegal
160
if urlpath.startswith("..") or urlpath.startswith(os.sep):
163
(owner, _) = util.split_path(urlpath)
164
if user.login != owner:
168
def authorize_public(req):
169
"""A different kind of authorization. Rather than making sure the
170
logged-in user owns the file, this checks if the file is in a published
173
This is for the "public mode" of the serve app.
175
Same interface as "authorize" - None on success, HTTP_FORBIDDEN exception
178
_, path = url_to_local(req.config, req.path)
180
# Walk up the tree, and find the deepest directory.
181
while not os.path.isdir(path):
182
path = os.path.dirname(path)
184
if not (worldreadable(path) and published(path)):
added
removed
ivle/studpath.py
