← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/dispatch/__init__.py

  • Committer: William Grant
  • Date: 2009-12-02 02:20:57 UTC
  • mto: This revision was merged to the branch mainline in revision 1353.
  • Revision ID: grantw@unimelb.edu.au-20091202022057-m3w3rzrzp47y89to
Refuse to traverse through an object to which the user has no permissions. This stops information leakage in breadcrumbs.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/dispatch/__init__.py
50
50
 
51
51
config = ivle.config.Config()
52
52
 
 
53
class ObjectPermissionCheckingPublisher(Publisher):
 
54
    """A specialised publisher that checks object permissions.
 
55
 
 
56
    This publisher verifies that the user holds any permission at all
 
57
    on the model objects through which the resolution path passes. If
 
58
    no permission is held, resolution is aborted with an Unauthorized
 
59
    exception.
 
60
 
 
61
    IMPORTANT: This does NOT check view permissions. It only checks
 
62
    the objects in between the root and the view, exclusive!
 
63
    """
 
64
 
 
65
    def traversed_to_object(self, obj):
 
66
        """Check that the user has any permission at all over the object."""
 
67
        if (hasattr(obj, 'get_permissions') and
 
68
            len(obj.get_permissions(self.root.user)) == 0):
 
69
            raise Unauthorized()
 
70
 
 
71
 
53
72
def generate_publisher(view_plugins, root):
54
73
    """
55
74
    Build a Mapper object for doing URL matching using 'routes', based on the
56
75
    given plugin registry.
57
76
    """
58
 
    r = Publisher(root=root)
 
77
    r = ObjectPermissionCheckingPublisher(root=root)
59
78
 
60
79
    r.add_set_switch('api', 'api')
61
80
 
104
123
    if req.publicmode:
105
124
        raise NotImplementedError("no public mode with obtrav yet!")
106
125
 
107
 
    req.publisher = generate_publisher(config.plugin_index[ViewPlugin],
108
 
                                 ApplicationRoot(req.config, req.store))
 
126
    req.publisher = generate_publisher(
 
127
        config.plugin_index[ViewPlugin],
 
128
        ApplicationRoot(req.config, req.store, req.user))
109
129
 
110
130
    try:
111
131
        obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
154
174
        else:
155
175
            req.store.commit()
156
176
            return req.OK
 
177
    except Unauthorized, e:
 
178
        # Resolution failed due to a permission check. Display a pretty
 
179
        # error, or maybe a login page.
 
180
        XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
 
181
        return req.OK
157
182
    except PublishingError, e:
158
183
        req.status = 404
159
184