← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/base/xhtml.py

  • Committer: William Grant
  • Date: 2009-12-02 02:20:57 UTC
  • mto: This revision was merged to the branch mainline in revision 1353.
  • Revision ID: grantw@unimelb.edu.au-20091202022057-m3w3rzrzp47y89to
Refuse to traverse through an object to which the user has no permissions. This stops information leakage in breadcrumbs.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/base/xhtml.py
28
28
from ivle.webapp.base.views import BaseView
29
29
from ivle.webapp.base.plugins import ViewPlugin, OverlayPlugin
30
30
from ivle.webapp.errors import HTTPError, Unauthorized
 
31
from ivle.webapp.publisher import NoPath
 
32
from ivle.webapp.breadcrumbs import Breadcrumber
31
33
 
32
34
class XHTMLView(BaseView):
33
35
    """
37
39
    """
38
40
 
39
41
    template = 'template.html'
40
 
    plugin_scripts = {}
41
 
    plugin_styles = {}
42
42
    allow_overlays = True
43
 
    overlay_blacklist = []
44
 
 
45
 
    def __init__(self, req, **kwargs):
46
 
        for key in kwargs:
47
 
            setattr(self, key, kwargs[key])
 
43
    breadcrumb_text = None
 
44
 
 
45
    def __init__(self, *args, **kwargs):
 
46
        super(XHTMLView, self).__init__(*args, **kwargs)
 
47
 
 
48
        self.overlay_blacklist = []
 
49
 
 
50
        self.plugin_scripts = {}
 
51
        self.plugin_styles = {}
 
52
        self.scripts_init = []
 
53
 
 
54
        self.extra_breadcrumbs = []
 
55
        self.overlay_blacklist = []
 
56
 
 
57
    def get_context_ancestry(self, req):
 
58
        return req.publisher.get_ancestors(self.context)
48
59
 
49
60
    def filter(self, stream, ctx):
50
61
        return stream
64
75
        tmpl = loader.load(app_template)
65
76
        app = self.filter(tmpl.generate(viewctx), viewctx)
66
77
 
 
78
        view_scripts = []
67
79
        for plugin in self.plugin_scripts:
68
80
            for path in self.plugin_scripts[plugin]:
69
 
                req.scripts.append(media_url(req, plugin, path))
 
81
                view_scripts.append(media_url(req, plugin, path))
70
82
 
 
83
        view_styles = []
71
84
        for plugin in self.plugin_styles:
72
85
            for path in self.plugin_styles[plugin]:
73
 
                req.styles.append(media_url(req, plugin, path))
 
86
                view_styles.append(media_url(req, plugin, path))
74
87
 
75
88
        # Global template
76
89
        ctx = genshi.template.Context()
77
 
        # XXX: Leave this here!! (Before req.styles is read)
78
 
        ctx['overlays'] = self.render_overlays(req) if req.user else []
 
90
 
 
91
        overlay_bits = self.render_overlays(req) if req.user else [[]]*4
 
92
        ctx['overlays'] = overlay_bits[0]
79
93
 
80
94
        ctx['styles'] = [media_url(req, CorePlugin, 'ivle.css')]
81
 
        ctx['styles'] += req.styles
 
95
        ctx['styles'] += view_styles
 
96
        ctx['styles'] += overlay_bits[1]
82
97
 
83
98
        ctx['scripts'] = [media_url(req, CorePlugin, path) for path in
84
99
                           ('util.js', 'json2.js', 'md5.js')]
85
100
        ctx['scripts'].append(media_url(req, '+external/jquery', 'jquery.js'))
86
 
        ctx['scripts'] += req.scripts
 
101
        ctx['scripts'] += view_scripts
 
102
        ctx['scripts'] += overlay_bits[2]
87
103
 
88
 
        ctx['scripts_init'] = req.scripts_init
 
104
        ctx['scripts_init'] = self.scripts_init + overlay_bits[3]
89
105
        ctx['app_template'] = app
90
106
        ctx['title_img'] = media_url(req, CorePlugin,
91
 
                                     "images/chrome/title.png")
 
107
                                     "images/chrome/root-breadcrumb.png")
 
108
        try:
 
109
            ctx['ancestry'] = self.get_context_ancestry(req)
 
110
        except NoPath:
 
111
            ctx['ancestry'] = []
 
112
 
 
113
        # If the view has specified text for a breadcrumb, add one.
 
114
        if self.breadcrumb_text:
 
115
            ctx['extra_breadcrumbs'] = [ViewBreadcrumb(req, self)]
 
116
        else:
 
117
            ctx['extra_breadcrumbs'] = []
 
118
 
 
119
        # Allow the view to add its own fake breadcrumbs.
 
120
        ctx['extra_breadcrumbs'] += self.extra_breadcrumbs
 
121
 
 
122
        ctx['crumb'] = Breadcrumber(req).crumb
92
123
        self.populate_headings(req, ctx)
93
124
        tmpl = loader.load(os.path.join(os.path.dirname(__file__), 
94
125
                                                        'ivle-headings.html'))
149
180
        scripts_init.
150
181
        """
151
182
        overlays = []
 
183
        styles = []
 
184
        scripts = []
 
185
        scripts_init = []
152
186
        if not self.allow_overlays:
153
 
            return overlays
 
187
            return (overlays, styles, scripts, scripts_init)
154
188
 
155
189
        for plugin in req.config.plugin_index[OverlayPlugin]:
156
190
            for overclass in plugin.overlays:
160
194
                #TODO: Re-factor this to look nicer
161
195
                for mplugin in overlay.plugin_scripts:
162
196
                    for path in overlay.plugin_scripts[mplugin]:
163
 
                        req.scripts.append(media_url(req, mplugin, path))
 
197
                        scripts.append(media_url(req, mplugin, path))
164
198
 
165
199
                for mplugin in overlay.plugin_styles:
166
200
                    for path in overlay.plugin_styles[mplugin]:
167
 
                        req.styles.append(media_url(req, mplugin, path))
 
201
                        styles.append(media_url(req, mplugin, path))
168
202
 
169
 
                req.scripts_init += overlay.plugin_scripts_init
 
203
                scripts_init += overlay.plugin_scripts_init
170
204
 
171
205
                overlays.append(overlay.render(req))
172
 
        return overlays
 
206
        return (overlays, styles, scripts, scripts_init)
173
207
 
174
208
    @classmethod
175
209
    def get_error_view(cls, e):
182
216
class XHTMLErrorView(XHTMLView):
183
217
    template = 'xhtmlerror.html'
184
218
 
185
 
    def __init__(self, req, exception):
186
 
        self.context = exception
 
219
    def __init__(self, req, context, lastobj):
 
220
        super(XHTMLErrorView, self).__init__(req, context)
 
221
        self.lastobj = lastobj
 
222
 
 
223
    def get_context_ancestry(self, req):
 
224
        return req.publisher.get_ancestors(self.lastobj)
187
225
 
188
226
    def populate(self, req, ctx):
 
227
        ctx['req'] = req
189
228
        ctx['exception'] = self.context
190
229
 
191
230
class XHTMLUnauthorizedView(XHTMLErrorView):
192
231
    template = 'xhtmlunauthorized.html'
193
232
 
194
 
    def __init__(self, req, exception):
195
 
        super(XHTMLUnauthorizedView, self).__init__(req, exception)
 
233
    def __init__(self, req, exception, lastobj):
 
234
        super(XHTMLUnauthorizedView, self).__init__(req, exception, lastobj)
196
235
 
197
236
        if req.user is None:
198
237
            # Not logged in. Redirect to login page.
203
242
            req.throw_redirect('/+login' + query_string)
204
243
 
205
244
        req.status = 403
 
245
 
 
246
class ViewBreadcrumb(object):
 
247
    def __init__(self, req, context):
 
248
        self.req = req
 
249
        self.context = context
 
250
 
 
251
    @property
 
252
    def text(self):
 
253
        return self.context.breadcrumb_text