~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/dispatch/__init__.py

  • Committer: William Grant
  • Date: 2010-02-03 04:13:06 UTC
  • mto: This revision was merged to the branch mainline in revision 1467.
  • Revision ID: grantw@unimelb.edu.au-20100203041306-mms3mre4r07gxt16
Replace the Packaging document with a general Releases one, and cover both source tarball and Ubuntu package releases.

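--- a/ivle/dispatch/__init__.py
+++ b/ivle/dispatch/__init__.py
@@ -30,7 +30,6 @@
 import os
 import os.path
 import urllib
-import urlparse
 import cgi
 import traceback
 import logging
@@ -45,7 +44,7 @@
 import ivle.webapp.security
 from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
 from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
-from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
+from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
 from ivle.webapp.publisher import Publisher, PublishingError
 from ivle.webapp import ApplicationRoot
 
@@ -66,7 +65,7 @@
     def traversed_to_object(self, obj):
         """Check that the user has any permission at all over the object."""
         if (hasattr(obj, 'get_permissions') and
-            len(obj.get_permissions(self.root.user, config)) == 0):
+            len(obj.get_permissions(self.root.user)) == 0):
             # Indicate the forbidden object if this is an admin.
             if self.root.user and self.root.user.admin:
                 raise Unauthorized('Unauthorized: %s' % obj)
@@ -126,8 +125,18 @@
     # Make the request object into an IVLE request which can be given to views
     req = Request(apachereq, config)
 
+    # Hack? Try and get the user login early just in case we throw an error
+    # (most likely 404) to stop us seeing not logged in even when we are.
+    if not req.publicmode:
+        user = ivle.webapp.security.get_user_details(req)
+
+        # Don't set the user if it is disabled or hasn't accepted the ToS.
+        if user and user.valid:
+            req.user = user
+
     req.publisher = generate_publisher(
-        config.plugin_index[ViewPlugin], ApplicationRoot(req),
+        config.plugin_index[ViewPlugin],
+        ApplicationRoot(req.config, req.store, req.user),
         publicmode=req.publicmode)
 
     try:
@@ -148,18 +157,6 @@
                     raise Unauthorized('Unauthorized: %s' % view)
                 else:
                     raise Unauthorized()
-
-            # Non-GET requests from other sites leave us vulnerable to
-            # CSRFs. Block them.
-            referer = req.headers_in.get('Referer')
-            if (referer is None or
-                urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
-                    req.hostname):
-                if req.method != 'GET' and not view.offsite_posts_allowed:
-                    raise BadRequest(
-                        "Non-GET requests from external sites are forbidden "
-                        "for security reasons.")
-
             # Render the output
             view.render(req)
         except HTTPError, e:
@@ -191,8 +188,7 @@
             handle_unknown_exception(req, *sys.exc_info())
             return req.OK
         else:
-            # Commit the transaction if we have a store open.
-            req.commit()
+            req.store.commit()
             return req.OK
     except Unauthorized, e:
         # Resolution failed due to a permission check. Display a pretty
@@ -209,9 +205,6 @@
             XHTMLErrorView(req, NotFound(), e[0]).render(req)
 
         return req.OK
-    finally:
-        # Make sure we close the store.
-        req.cleanup()
 
 def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
     """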
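Review bot: On the new side nothing checks the origin of a state-changing request before `view.render(req)` (new line 161): the Referer-versus-`req.hostname` comparison that raised `BadRequest` for non-GET requests is gone and no replacement is visible in this file, so cross-site POSTs would depend entirely on whatever the individual views do. If that is intended, a per-session token verified in the dispatcher would be the usual substitute; otherwise the guard should stay and keep honouring `view.offsite_posts_allowed`. The same section also drops `finally: req.cleanup()` and calls `req.store.commit()` directly, so nothing visible on the new side guarantees the store is closed on the error paths; it is worth confirming that this happens elsewhere. The enclosing handler starts and ends outside the hunks shown, so this is based only on the visible lines.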