~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/dispatch/__init__.py

  • Committer: Matt Giuca
  • Date: 2010-02-11 03:17:12 UTC
  • Revision ID: matt.giuca@gmail.com-20100211031712-79c74lgh3mj7507s
docs: Tour of IVLE: Added lecturer tour (complete).

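--- a/ivle/dispatch/__init__.py
+++ b/ivle/dispatch/__init__.py
@@ -30,7 +30,6 @@
 import os
 import os.path
 import urllib
-import urlparse
 import cgi
 import traceback
 import logging
@@ -45,7 +44,7 @@
 import ivle.webapp.security
 from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
 from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
-from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
+from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
 from ivle.webapp.publisher import Publisher, PublishingError
 from ivle.webapp import ApplicationRoot
 
@@ -66,7 +65,7 @@
     def traversed_to_object(self, obj):
         """Check that the user has any permission at all over the object."""
         if (hasattr(obj, 'get_permissions') and
-            len(obj.get_permissions(self.root.user, config)) == 0):
+            len(obj.get_permissions(self.root.user)) == 0):
             # Indicate the forbidden object if this is an admin.
             if self.root.user and self.root.user.admin:
                 raise Unauthorized('Unauthorized: %s' % obj)
@@ -158,18 +157,6 @@
                     raise Unauthorized('Unauthorized: %s' % view)
                 else:
                     raise Unauthorized()
-
-            # Non-GET requests from other sites leave us vulnerable to
-            # CSRFs. Block them.
-            referer = req.headers_in.get('Referer')
-            if (referer is None or
-                urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
-                    req.hostname):
-                if req.method != 'GET' and not view.offsite_posts_allowed:
-                    raise BadRequest(
-                        "Non-GET requests from external sites are forbidden "
-                        "for security reasons.")
-
             # Render the output
             view.render(req)
         except HTTPError, e:
@@ -218,8 +205,6 @@
             XHTMLErrorView(req, NotFound(), e[0]).render(req)
 
         return req.OK
-    finally:
-        req.store.close()
 
 def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
     """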