← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/database.py

  • Committer: William Grant
  • Date: 2010-02-23 08:48:09 UTC
  • mfrom: (1673 trunk)
  • mto: This revision was merged to the branch mainline in revision 1674.
  • Revision ID: grantw@unimelb.edu.au-20100223084809-du6dvsxrjhw15ytr
Merge trunk.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/database.py
25
25
 
26
26
import hashlib
27
27
import datetime
 
28
import os
28
29
 
29
30
from storm.locals import create_database, Store, Int, Unicode, DateTime, \
30
31
                         Reference, ReferenceSet, Bool, Storm, Desc
472
473
        return "<%s %r in %r>" % (type(self).__name__, self.user,
473
474
                                  self.offering)
474
475
 
 
476
    def get_permissions(self, user, config):
 
477
        # A user can edit any enrolment that they could have created.
 
478
        perms = set()
 
479
        if ('enrol_' + str(self.role)) in self.offering.get_permissions(
 
480
            user, config):
 
481
            perms.add('edit')
 
482
        return perms
 
483
 
 
484
    def delete(self):
 
485
        """Delete this enrolment."""
 
486
        Store.of(self).remove(self)
 
487
 
 
488
 
475
489
# PROJECTS #
476
490
 
477
491
class ProjectSet(Storm):
594
608
 
595
609
        a = Assessed.get(Store.of(self), principal, self)
596
610
        ps = ProjectSubmission()
597
 
        ps.path = path
 
611
        # Raise SubmissionError if the path is illegal
 
612
        ps.path = ProjectSubmission.test_and_normalise_path(path)
598
613
        ps.revision = revision
599
614
        ps.date_submitted = datetime.datetime.now()
600
615
        ps.assessed = a
800
815
    approver = Reference(approver_id, User.id)
801
816
    notes = Unicode()
802
817
 
 
818
class SubmissionError(Exception):
 
819
    """Denotes a validation error during submission."""
 
820
    pass
 
821
 
803
822
class ProjectSubmission(Storm):
804
823
    """A submission from a user or group repository to a particular project.
805
824
 
835
854
        return "/files/%s/%s/%s?r=%d" % (user.login,
836
855
            self.assessed.checkout_location, submitpath, self.revision)
837
856
 
 
857
    @staticmethod
 
858
    def test_and_normalise_path(path):
 
859
        """Test that path is valid, and normalise it. This prevents possible
 
860
        injections using malicious paths.
 
861
        Returns the updated path, if successful.
 
862
        Raises SubmissionError if invalid.
 
863
        """
 
864
        # Ensure the path is absolute to prevent being tacked onto working
 
865
        # directories.
 
866
        # Prevent '\n' because it will break all sorts of things.
 
867
        # Prevent '[' and ']' because they can be used to inject into the
 
868
        # svn.conf.
 
869
        # Normalise to avoid resulting in ".." path segments.
 
870
        if not os.path.isabs(path):
 
871
            raise SubmissionError("Path is not absolute")
 
872
        if any(c in path for c in "\n[]"):
 
873
            raise SubmissionError("Path must not contain '\\n', '[' or ']'")
 
874
        return os.path.normpath(path)
 
875
 
838
876
# WORKSHEETS AND EXERCISES #
839
877
 
840
878
class Exercise(Storm):