50
45
import ivle.webapp.security
51
46
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
52
47
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
53
from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
54
from ivle.webapp.publisher import Publisher, PublishingError
55
from ivle.webapp import ApplicationRoot
48
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
57
50
config = ivle.config.Config()
59
class ObjectPermissionCheckingPublisher(Publisher):
60
"""A specialised publisher that checks object permissions.
62
This publisher verifies that the user holds any permission at all
63
on the model objects through which the resolution path passes. If
64
no permission is held, resolution is aborted with an Unauthorized
67
IMPORTANT: This does NOT check view permissions. It only checks
68
the objects in between the root and the view, exclusive!
71
def traversed_to_object(self, obj):
72
"""Check that the user has any permission at all over the object."""
73
if (hasattr(obj, 'get_permissions') and
74
len(obj.get_permissions(self.root.user, config)) == 0):
75
# Indicate the forbidden object if this is an admin.
76
if self.root.user and self.root.user.admin:
77
raise Unauthorized('Unauthorized: %s' % obj)
82
def generate_publisher(view_plugins, root, publicmode=False):
52
def generate_router(view_plugins, attr):
84
54
Build a Mapper object for doing URL matching using 'routes', based on the
85
55
given plugin registry.
87
r = ObjectPermissionCheckingPublisher(root=root)
89
r.add_set_switch('api', 'api')
92
view_attr = 'public_views'
93
forward_route_attr = 'public_forward_routes'
94
reverse_route_attr = 'public_reverse_routes'
97
forward_route_attr = 'forward_routes'
98
reverse_route_attr = 'reverse_routes'
57
m = routes.Mapper(explicit=True)
101
58
for plugin in view_plugins:
102
if hasattr(plugin, forward_route_attr):
103
for fr in getattr(plugin, forward_route_attr):
104
# An annotated function can also be passed in directly.
105
if hasattr(fr, '_forward_route_meta'):
106
r.add_forward_func(fr)
110
if hasattr(plugin, reverse_route_attr):
111
for rr in getattr(plugin, reverse_route_attr):
112
# An annotated function can also be passed in directly.
113
if hasattr(rr, '_reverse_route_src'):
114
r.add_reverse_func(rr)
118
if hasattr(plugin, view_attr):
119
for v in getattr(plugin, view_attr):
59
# Establish a URL pattern for each element of plugin.urls
60
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
61
for url in getattr(plugin, attr):
64
kwargs_dict = url[2] if len(url) >= 3 else {}
65
m.connect(routex, view=view_class, **kwargs_dict)
124
68
def handler(apachereq):
125
69
"""Handles an HTTP request.
131
75
# Make the request object into an IVLE request which can be given to views
132
76
req = Request(apachereq, config)
134
req.publisher = generate_publisher(
135
config.plugin_index[ViewPlugin], ApplicationRoot(req),
136
publicmode=req.publicmode)
139
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
78
# Hack? Try and get the user login early just in case we throw an error
79
# (most likely 404) to stop us seeing not logged in even when we are.
80
if not req.publicmode:
81
user = ivle.webapp.security.get_user_details(req)
83
# Don't set the user if it is disabled or hasn't accepted the ToS.
84
if user and user.valid:
88
req.mapper = generate_router(config.plugin_index[PublicViewPlugin],
91
req.mapper = generate_router(config.plugin_index[ViewPlugin], 'urls')
93
matchdict = req.mapper.match(req.uri)
94
if matchdict is not None:
95
viewcls = matchdict['view']
96
# Get the remaining arguments, less 'view', 'action' and 'controller'
97
# (The latter two seem to be built-in, and we don't want them).
98
kwargs = matchdict.copy()
141
# We 404 if we have a subpath but the view forbids it.
142
if not viewcls.subpath_allowed and subpath:
145
101
# Instantiate the view, which should be a BaseView class
146
view = viewcls(req, obj, subpath)
102
view = viewcls(req, **kwargs)
148
104
# Check that the request (mainly the user) is permitted to access
150
106
if not view.authorize(req):
151
# Indicate the forbidden object if this is an admin.
152
if req.user and req.user.admin:
153
raise Unauthorized('Unauthorized: %s' % view)
157
# Non-GET requests from other sites leave us vulnerable to
159
referer = req.headers_in.get('Referer')
160
if (referer is None or
161
urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
163
if req.method != 'GET' and not view.offsite_posts_allowed:
165
"Non-GET requests from external sites are forbidden "
166
"for security reasons.")
168
108
# Render the output
170
110
except HTTPError, e:
196
136
handle_unknown_exception(req, *sys.exc_info())
199
# Commit the transaction if we have a store open.
202
except Unauthorized, e:
203
# Resolution failed due to a permission check. Display a pretty
204
# error, or maybe a login page.
205
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
207
except PublishingError, e:
210
if req.user and req.user.admin:
211
XHTMLErrorView(req, NotFound('Not found: ' +
212
str(e.args)), e[0]).render(req)
214
XHTMLErrorView(req, NotFound(), e[0]).render(req)
143
XHTMLErrorView(req, NotFound()).render(req)
218
# Make sure we close the store.
221
146
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):