46
45
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
47
46
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
48
47
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
48
from ivle.webapp.publisher import Publisher, PublishingError
49
from ivle.webapp import ApplicationRoot
50
51
config = ivle.config.Config()
52
def generate_router(view_plugins, attr):
53
class ObjectPermissionCheckingPublisher(Publisher):
54
"""A specialised publisher that checks object permissions.
56
This publisher verifies that the user holds any permission at all
57
on the model objects through which the resolution path passes. If
58
no permission is held, resolution is aborted with an Unauthorized
61
IMPORTANT: This does NOT check view permissions. It only checks
62
the objects in between the root and the view, exclusive!
65
def traversed_to_object(self, obj):
66
"""Check that the user has any permission at all over the object."""
67
if (hasattr(obj, 'get_permissions') and
68
len(obj.get_permissions(self.root.user, config)) == 0):
69
# Indicate the forbidden object if this is an admin.
70
if self.root.user and self.root.user.admin:
71
raise Unauthorized('Unauthorized: %s' % obj)
76
def generate_publisher(view_plugins, root, publicmode=False):
54
78
Build a Mapper object for doing URL matching using 'routes', based on the
55
79
given plugin registry.
57
m = routes.Mapper(explicit=True)
81
r = ObjectPermissionCheckingPublisher(root=root)
83
r.add_set_switch('api', 'api')
86
view_attr = 'public_views'
87
forward_route_attr = 'public_forward_routes'
88
reverse_route_attr = 'public_reverse_routes'
91
forward_route_attr = 'forward_routes'
92
reverse_route_attr = 'reverse_routes'
58
95
for plugin in view_plugins:
59
# Establish a URL pattern for each element of plugin.urls
60
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
61
for url in getattr(plugin, attr):
64
kwargs_dict = url[2] if len(url) >= 3 else {}
65
m.connect(routex, view=view_class, **kwargs_dict)
96
if hasattr(plugin, forward_route_attr):
97
for fr in getattr(plugin, forward_route_attr):
98
# An annotated function can also be passed in directly.
99
if hasattr(fr, '_forward_route_meta'):
100
r.add_forward_func(fr)
104
if hasattr(plugin, reverse_route_attr):
105
for rr in getattr(plugin, reverse_route_attr):
106
# An annotated function can also be passed in directly.
107
if hasattr(rr, '_reverse_route_src'):
108
r.add_reverse_func(rr)
112
if hasattr(plugin, view_attr):
113
for v in getattr(plugin, view_attr):
68
118
def handler(apachereq):
69
119
"""Handles an HTTP request.
84
134
if user and user.valid:
88
req.mapper = generate_router(config.plugin_index[PublicViewPlugin],
91
req.mapper = generate_router(config.plugin_index[ViewPlugin], 'urls')
137
req.publisher = generate_publisher(
138
config.plugin_index[ViewPlugin],
139
ApplicationRoot(req.config, req.store, req.user),
140
publicmode=req.publicmode)
93
matchdict = req.mapper.match(req.uri)
94
if matchdict is not None:
95
viewcls = matchdict['view']
96
# Get the remaining arguments, less 'view', 'action' and 'controller'
97
# (The latter two seem to be built-in, and we don't want them).
98
kwargs = matchdict.copy()
143
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
145
# We 404 if we have a subpath but the view forbids it.
146
if not viewcls.subpath_allowed and subpath:
101
149
# Instantiate the view, which should be a BaseView class
102
view = viewcls(req, **kwargs)
150
view = viewcls(req, obj, subpath)
104
152
# Check that the request (mainly the user) is permitted to access
106
154
if not view.authorize(req):
155
# Indicate the forbidden object if this is an admin.
156
if req.user and req.user.admin:
157
raise Unauthorized('Unauthorized: %s' % view)
108
160
# Render the output
110
162
except HTTPError, e:
139
191
req.store.commit()
142
XHTMLErrorView(req, NotFound()).render(req)
193
except Unauthorized, e:
194
# Resolution failed due to a permission check. Display a pretty
195
# error, or maybe a login page.
196
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
198
except PublishingError, e:
201
if req.user and req.user.admin:
202
XHTMLErrorView(req, NotFound('Not found: ' +
203
str(e.args)), e[0]).render(req)
205
XHTMLErrorView(req, NotFound(), e[0]).render(req)
145
209
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
189
257
# misbehaves (which is currently very easy, if things aren't set up
191
259
# Write the traceback.
192
# If this is a non-4xx IVLEError, get the message and httpcode and
193
# make the error message a bit nicer (but still include the
195
# We also need to special-case IVLEJailError, as we can get another
261
# We need to special-case IVLEJailError, as we can get another
196
262
# almost-exception out of it.
198
codename, msg = None, None
200
263
if exc_type is util.IVLEJailError:
201
msg = exc_value.type_str + ": " + exc_value.message
202
264
tb = 'Exception information extracted from IVLEJailError:\n'
203
265
tb += urllib.unquote(exc_value.info)
206
codename, msg = req.get_http_codename(httpcode)
207
except AttributeError:
210
267
tb = ''.join(traceback.format_exception(exc_type, exc_value,
213
logging.error('%s\n%s'%(str(msg), tb))
270
logging.error('\n' + tb)
215
272
# Error messages are only displayed is the user is NOT a student,
216
273
# or if there has been a problem logging the error message
added
removed
ivle/dispatch/__init__.py
