46
45
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
47
46
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
48
47
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
48
from ivle.webapp.publisher import Publisher, PublishingError
49
from ivle.webapp import ApplicationRoot
50
51
config = ivle.config.Config()
52
def generate_router(view_plugins, attr):
53
class ObjectPermissionCheckingPublisher(Publisher):
54
"""A specialised publisher that checks object permissions.
56
This publisher verifies that the user holds any permission at all
57
on the model objects through which the resolution path passes. If
58
no permission is held, resolution is aborted with an Unauthorized
61
IMPORTANT: This does NOT check view permissions. It only checks
62
the objects in between the root and the view, exclusive!
65
def traversed_to_object(self, obj):
66
"""Check that the user has any permission at all over the object."""
67
if (hasattr(obj, 'get_permissions') and
68
len(obj.get_permissions(self.root.user)) == 0):
72
def generate_publisher(view_plugins, root):
54
74
Build a Mapper object for doing URL matching using 'routes', based on the
55
75
given plugin registry.
57
m = routes.Mapper(explicit=True)
77
r = ObjectPermissionCheckingPublisher(root=root)
79
r.add_set_switch('api', 'api')
58
81
for plugin in view_plugins:
59
# Establish a URL pattern for each element of plugin.urls
60
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
61
for url in getattr(plugin, attr):
64
kwargs_dict = url[2] if len(url) >= 3 else {}
65
m.connect(routex, view=view_class, **kwargs_dict)
82
if hasattr(plugin, 'forward_routes'):
83
for fr in plugin.forward_routes:
84
# An annotated function can also be passed in directly.
85
if hasattr(fr, '_forward_route_meta'):
86
r.add_forward_func(fr)
90
if hasattr(plugin, 'reverse_routes'):
91
for rr in plugin.reverse_routes:
92
# An annotated function can also be passed in directly.
93
if hasattr(rr, '_reverse_route_src'):
94
r.add_reverse_func(rr)
98
if hasattr(plugin, 'views'):
99
for v in plugin.views:
68
104
def handler(apachereq):
69
105
"""Handles an HTTP request.
87
123
if req.publicmode:
88
req.mapper = generate_router(config.plugin_index[PublicViewPlugin],
91
req.mapper = generate_router(config.plugin_index[ViewPlugin], 'urls')
93
matchdict = req.mapper.match(req.uri)
94
if matchdict is not None:
95
viewcls = matchdict['view']
96
# Get the remaining arguments, less 'view', 'action' and 'controller'
97
# (The latter two seem to be built-in, and we don't want them).
98
kwargs = matchdict.copy()
124
raise NotImplementedError("no public mode with obtrav yet!")
126
req.publisher = generate_publisher(
127
config.plugin_index[ViewPlugin],
128
ApplicationRoot(req.config, req.store, req.user))
131
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
133
# We 404 if we have a subpath but the view forbids it.
134
if not viewcls.subpath_allowed and subpath:
101
137
# Instantiate the view, which should be a BaseView class
102
view = viewcls(req, **kwargs)
138
view = viewcls(req, obj, subpath)
104
140
# Check that the request (mainly the user) is permitted to access
139
175
req.store.commit()
142
XHTMLErrorView(req, NotFound()).render(req)
177
except Unauthorized, e:
178
# Resolution failed due to a permission check. Display a pretty
179
# error, or maybe a login page.
180
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
182
except PublishingError, e:
185
if req.user and req.user.admin:
186
XHTMLErrorView(req, NotFound('Not found: ' +
187
str(e.args)), e[0]).render(req)
189
XHTMLErrorView(req, NotFound(), e[0]).render(req)
145
193
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
155
203
req.content_type = "text/html"
156
204
logfile = os.path.join(config['paths']['logs'], 'ivle_error.log')
207
# XXX: This remains here for ivle.interpret's IVLEErrors. Once we rewrite
208
# fileservice, req.status should always be 500 (ISE) here.
159
210
httpcode = exc_value.httpcode
160
211
req.status = httpcode
161
212
except AttributeError:
163
214
req.status = mod_python.apache.HTTP_INTERNAL_SERVER_ERROR
165
217
publicmode = req.publicmode
166
218
except AttributeError:
189
241
# misbehaves (which is currently very easy, if things aren't set up
191
243
# Write the traceback.
192
# If this is a non-4xx IVLEError, get the message and httpcode and
193
# make the error message a bit nicer (but still include the
195
# We also need to special-case IVLEJailError, as we can get another
245
# We need to special-case IVLEJailError, as we can get another
196
246
# almost-exception out of it.
198
codename, msg = None, None
200
247
if exc_type is util.IVLEJailError:
201
msg = exc_value.type_str + ": " + exc_value.message
202
248
tb = 'Exception information extracted from IVLEJailError:\n'
203
249
tb += urllib.unquote(exc_value.info)
206
codename, msg = req.get_http_codename(httpcode)
207
except AttributeError:
210
251
tb = ''.join(traceback.format_exception(exc_type, exc_value,
213
logging.error('%s\n%s'%(str(msg), tb))
254
logging.error('\n' + tb)
215
256
# Error messages are only displayed is the user is NOT a student,
216
257
# or if there has been a problem logging the error message
220
261
<html xmlns="http://www.w3.org/1999/xhtml">
221
262
<head><title>IVLE Internal Server Error</title></head>
223
<h1>IVLE Internal Server Error""")
225
if codename is not None and \
226
httpcode != mod_python.apache.HTTP_INTERNAL_SERVER_ERROR:
227
req.write(": %s" % cgi.escape(codename))
264
<h1>IVLE Internal Server Error</h1>
230
265
<p>An error has occured which is the fault of the IVLE developers or
231
266
administrators. """)