40
from mod_python import apache, Cookie
42
41
from ivle import util
48
from request import Request
49
import plugins.console # XXX: Relies on www/ being in the Python path.
52
"""Handles a request which may be to anywhere in the site except media.
43
from ivle.dispatch.request import Request
44
import ivle.webapp.security
45
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
46
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
47
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
48
from ivle.webapp.publisher import Publisher, PublishingError
49
from ivle.webapp import ApplicationRoot
51
config = ivle.config.Config()
53
class ObjectPermissionCheckingPublisher(Publisher):
54
"""A specialised publisher that checks object permissions.
56
This publisher verifies that the user holds any permission at all
57
on the model objects through which the resolution path passes. If
58
no permission is held, resolution is aborted with an Unauthorized
61
IMPORTANT: This does NOT check view permissions. It only checks
62
the objects in between the root and the view, exclusive!
65
def traversed_to_object(self, obj):
66
"""Check that the user has any permission at all over the object."""
67
if (hasattr(obj, 'get_permissions') and
68
len(obj.get_permissions(self.root.user)) == 0):
69
# Indicate the forbidden object if this is an admin.
70
if self.root.user and self.root.user.admin:
71
raise Unauthorized('Unauthorized: %s' % obj)
76
def generate_publisher(view_plugins, root, publicmode=False):
78
Build a Mapper object for doing URL matching using 'routes', based on the
79
given plugin registry.
81
r = ObjectPermissionCheckingPublisher(root=root)
83
r.add_set_switch('api', 'api')
86
view_attr = 'public_views'
87
forward_route_attr = 'public_forward_routes'
88
reverse_route_attr = 'public_reverse_routes'
91
forward_route_attr = 'forward_routes'
92
reverse_route_attr = 'reverse_routes'
95
for plugin in view_plugins:
96
if hasattr(plugin, forward_route_attr):
97
for fr in getattr(plugin, forward_route_attr):
98
# An annotated function can also be passed in directly.
99
if hasattr(fr, '_forward_route_meta'):
100
r.add_forward_func(fr)
104
if hasattr(plugin, reverse_route_attr):
105
for rr in getattr(plugin, reverse_route_attr):
106
# An annotated function can also be passed in directly.
107
if hasattr(rr, '_reverse_route_src'):
108
r.add_reverse_func(rr)
112
if hasattr(plugin, view_attr):
113
for v in getattr(plugin, view_attr):
118
def handler(apachereq):
119
"""Handles an HTTP request.
53
121
Intended to be called by mod_python, as a handler.
55
req: An Apache request object.
57
# Make the request object into an IVLE request which can be passed to apps
60
req = Request(req, html.write_html_head)
62
# Pass the apachereq to error reporter, since ivle req isn't created
64
handle_unknown_exception(apachereq, *sys.exc_info())
65
# Tell Apache not to generate its own errors as well
68
# Run the main handler, and catch all exceptions
70
return handler_(req, apachereq)
71
except mod_python.apache.SERVER_RETURN:
72
# An apache error. We discourage these, but they might still happen.
76
handle_unknown_exception(req, *sys.exc_info())
77
# Tell Apache not to generate its own errors as well
80
def handler_(req, apachereq):
82
Nested handler function. May raise exceptions. The top-level handler is
83
just used to catch exceptions.
84
Takes both an IVLE request and an Apache req.
123
@param apachereq: An Apache request object.
125
# Make the request object into an IVLE request which can be given to views
126
req = Request(apachereq, config)
86
128
# Hack? Try and get the user login early just in case we throw an error
87
129
# (most likely 404) to stop us seeing not logged in even when we are.
88
130
if not req.publicmode:
89
req.user = login.get_user_details(req)
91
# Check req.app to see if it is valid. 404 if not.
92
if req.app is not None and req.app not in ivle.conf.apps.app_url:
93
req.throw_error(Request.HTTP_NOT_FOUND,
94
"There is no application called %s." % repr(req.app))
96
# Special handling for public mode - only allow the public app, call it
98
# NOTE: This will not behave correctly if the public app uses
99
# write_html_head_foot, but "serve" does not.
101
if req.app != ivle.conf.apps.public_app:
102
req.throw_error(Request.HTTP_FORBIDDEN,
103
"This application is not available on the public site.")
104
app = ivle.conf.apps.app_url[ivle.conf.apps.public_app]
105
apps.call_app(app.dir, req)
108
# app is the App object for the chosen app
110
app = ivle.conf.apps.app_url[ivle.conf.apps.default_app]
112
app = ivle.conf.apps.app_url[req.app]
114
# Check if app requires auth. If so, perform authentication and login.
115
# This will either return a User object, None, or perform a redirect
116
# which we will not catch here.
118
req.user = login.login(req)
119
logged_in = req.user is not None
121
req.user = login.get_user_details(req)
125
# Keep the user's session alive by writing to the session object.
126
# req.get_session().save()
127
# Well, it's a fine idea, but it creates considerable grief in the
128
# concurrent update department, so instead, we'll just make the
129
# sessions not time out.
130
req.get_session().unlock()
132
# If user did not specify an app, HTTP redirect to default app and
135
req.throw_redirect(util.make_path(ivle.conf.apps.default_app))
137
# Set the default title to the app's tab name, if any. Otherwise URL
139
if app.name is not None:
144
# Call the specified app with the request object
145
apps.call_app(app.dir, req)
147
# if not logged in, login.login will have written the login box.
148
# Just clean up and exit.
150
# MAKE SURE we write the HTTP (and possibly HTML) header. This
151
# wouldn't happen if nothing else ever got written, so we have to make
153
req.ensure_headers_written()
155
# When done, write out the HTML footer if the app has requested it
156
if req.write_html_head_foot:
157
# Show the console if required
158
if logged_in and app.useconsole:
159
plugins.console.present(req, windowpane=True)
160
html.write_html_foot(req)
162
# Note: Apache will not write custom HTML error messages here.
163
# Use req.throw_error to do that.
131
user = ivle.webapp.security.get_user_details(req)
133
# Don't set the user if it is disabled or hasn't accepted the ToS.
134
if user and user.valid:
137
req.publisher = generate_publisher(
138
config.plugin_index[ViewPlugin],
139
ApplicationRoot(req.config, req.store, req.user),
140
publicmode=req.publicmode)
143
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
145
# We 404 if we have a subpath but the view forbids it.
146
if not viewcls.subpath_allowed and subpath:
149
# Instantiate the view, which should be a BaseView class
150
view = viewcls(req, obj, subpath)
152
# Check that the request (mainly the user) is permitted to access
154
if not view.authorize(req):
155
# Indicate the forbidden object if this is an admin.
156
if req.user and req.user.admin:
157
raise Unauthorized('Unauthorized: %s' % view)
163
# A view explicitly raised an HTTP error. Respect it.
166
# Try to find a custom error view.
167
if hasattr(viewcls, 'get_error_view'):
168
errviewcls = viewcls.get_error_view(e)
170
errviewcls = XHTMLView.get_error_view(e)
173
errview = errviewcls(req, e, obj)
181
except mod_python.apache.SERVER_RETURN:
182
# A mod_python-specific Apache error.
183
# XXX: We need to raise these because req.throw_error() uses them.
184
# Remove this after Google Code issue 117 is fixed.
187
# A non-HTTPError appeared. We have an unknown exception. Panic.
188
handle_unknown_exception(req, *sys.exc_info())
193
except Unauthorized, e:
194
# Resolution failed due to a permission check. Display a pretty
195
# error, or maybe a login page.
196
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
198
except PublishingError, e:
201
if req.user and req.user.admin:
202
XHTMLErrorView(req, NotFound('Not found: ' +
203
str(e.args)), e[0]).render(req)
205
XHTMLErrorView(req, NotFound(), e[0]).render(req)
166
209
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
214
logging.debug('Logging Unhandled Exception')
216
# We handle 3 types of error.
217
# IVLEErrors with 4xx response codes (client error).
218
# IVLEErrors with 5xx response codes (handled server error).
219
# Other exceptions (unhandled server error).
220
# IVLEErrors should not have other response codes than 4xx or 5xx
221
# (eg. throw_redirect should have been used for 3xx codes).
222
# Therefore, that is treated as an unhandled error.
224
if (exc_type == util.IVLEError and httpcode >= 400
225
and httpcode <= 499):
226
# IVLEErrors with 4xx response codes are client errors.
227
# Therefore, these have a "nice" response (we even coat it in the IVLE
230
req.write_html_head_foot = True
231
req.write_javascript_settings = False
232
req.write('<div id="ivle_padding">\n')
234
codename, msg = req.get_http_codename(httpcode)
235
except AttributeError:
236
codename, msg = None, None
237
# Override the default message with the supplied one,
239
if exc_value.message is not None:
240
msg = exc_value.message
241
if codename is not None:
242
req.write("<h1>Error: %s</h1>\n" % cgi.escape(codename))
244
req.write("<h1>Error</h1>\n")
246
req.write("<p>%s</p>\n" % cgi.escape(msg))
248
req.write("<p>An unknown error occured.</p>\n")
251
logging.info(str(msg))
253
req.write("<p>(HTTP error code %d)</p>\n" % httpcode)
255
req.write("<p>Warning: Could not open Error Log: '%s'</p>\n"
256
%cgi.escape(logfile))
257
req.write('</div>\n')
258
html.write_html_foot(req)
256
# A "bad" error message. We shouldn't get here unless IVLE
257
# misbehaves (which is currently very easy, if things aren't set up
259
# Write the traceback.
261
# We need to special-case IVLEJailError, as we can get another
262
# almost-exception out of it.
263
if exc_type is util.IVLEJailError:
264
tb = 'Exception information extracted from IVLEJailError:\n'
265
tb += urllib.unquote(exc_value.info)
260
# A "bad" error message. We shouldn't get here unless IVLE
261
# misbehaves (which is currently very easy, if things aren't set up
263
# Write the traceback.
264
# If this is a non-4xx IVLEError, get the message and httpcode and
265
# make the error message a bit nicer (but still include the
267
# We also need to special-case IVLEJailError, as we can get another
268
# almost-exception out of it.
270
codename, msg = None, None
272
if exc_type is util.IVLEJailError:
273
msg = exc_value.type_str + ": " + exc_value.message
274
tb = 'Exception information extracted from IVLEJailError:\n'
275
tb += urllib.unquote(exc_value.info)
278
codename, msg = req.get_http_codename(httpcode)
279
except AttributeError:
281
# Override the default message with the supplied one,
283
if hasattr(exc_value, 'message') and exc_value.message is not None:
284
msg = exc_value.message
285
# Prepend the exception type
286
if exc_type != util.IVLEError:
287
msg = exc_type.__name__ + ": " + msg
289
tb = ''.join(traceback.format_exception(exc_type, exc_value,
293
logging.error('%s\n%s'%(str(msg), tb))
295
req.write("""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
267
tb = ''.join(traceback.format_exception(exc_type, exc_value,
270
logging.error('\n' + tb)
272
# Error messages are only displayed is the user is NOT a student,
273
# or if there has been a problem logging the error message
274
show_errors = (not publicmode) and ((login and req.user.admin) or logfail)
275
req.write("""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
296
276
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
297
277
<html xmlns="http://www.w3.org/1999/xhtml">
298
278
<head><title>IVLE Internal Server Error</title></head>
300
<h1>IVLE Internal Server Error""")
301
if (codename is not None
302
and httpcode != apache.HTTP_INTERNAL_SERVER_ERROR):
303
req.write(": %s" % cgi.escape(codename))
280
<h1>IVLE Internal Server Error</h1>
305
281
<p>An error has occured which is the fault of the IVLE developers or
309
req.write("<p>%s</p>\n" % cgi.escape(msg))
310
if httpcode is not None:
311
req.write("<p>(HTTP error code %d)</p>\n" % httpcode)
313
<p>Please report this to <a href="mailto:%s">%s</a> (the system
314
administrator). Include the following information:</p>
315
""" % (cgi.escape(admin_email), cgi.escape(admin_email)))
285
req.write("Please report this issue to the server administrators, "
286
"along with the following information.")
288
req.write("Details have been logged for further examination.")
292
req.write("<h2>Debugging information</h2>")
317
293
req.write("<pre>\n%s\n</pre>\n"%cgi.escape(tb))
319
req.write("<p>Warning: Could not open Error Log: '%s'</p>\n"
320
%cgi.escape(logfile))
321
req.write("</body></html>")
294
req.write("</body></html>")
added
removed
ivle/dispatch/__init__.py
