~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/dispatch/__init__.py

  • Committer: William Grant
  • Date: 2010-02-16 04:11:46 UTC
  • Revision ID: grantw@unimelb.edu.au-20100216041146-rvfbuwin7fncc0nw
Restrict privileges on group-related userservice actions to users with admin_groups on the offering.

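--- a/ivle/dispatch/__init__.py
+++ b/ivle/dispatch/__init__.py
@@ -30,7 +30,6 @@
 import os
 import os.path
 import urllib
-import urlparse
 import cgi
 import traceback
 import logging
@@ -45,7 +44,7 @@
 import ivle.webapp.security
 from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
 from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
-from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
+from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
 from ivle.webapp.publisher import Publisher, PublishingError
 from ivle.webapp import ApplicationRoot
 
@@ -126,8 +125,18 @@
     # Make the request object into an IVLE request which can be given to views
     req = Request(apachereq, config)
 
+    # Hack? Try and get the user login early just in case we throw an error
+    # (most likely 404) to stop us seeing not logged in even when we are.
+    if not req.publicmode:
+        user = ivle.webapp.security.get_user_details(req)
+
+        # Don't set the user if it is disabled or hasn't accepted the ToS.
+        if user and user.valid:
+            req.user = user
+
     req.publisher = generate_publisher(
-        config.plugin_index[ViewPlugin], ApplicationRoot(req),
+        config.plugin_index[ViewPlugin],
+        ApplicationRoot(req.config, req.store, req.user),
         publicmode=req.publicmode)
 
     try:
@@ -148,18 +157,6 @@
                     raise Unauthorized('Unauthorized: %s' % view)
                 else:
                     raise Unauthorized()
-
-            # Non-GET requests from other sites leave us vulnerable to
-            # CSRFs. Block them.
-            referer = req.headers_in.get('Referer')
-            if (referer is None or
-                urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
-                    req.hostname):
-                if req.method != 'GET' and not view.offsite_posts_allowed:
-                    raise BadRequest(
-                        "Non-GET requests from external sites are forbidden "
-                        "for security reasons.")
-
             # Render the output
             view.render(req)
         except HTTPError, e:
@@ -191,8 +188,7 @@
             handle_unknown_exception(req, *sys.exc_info())
             return req.OK
         else:
-            # Commit the transaction if we have a store open.
-            req.commit()
+            req.store.commit()
             return req.OK
     except Unauthorized, e:
         # Resolution failed due to a permission check. Display a pretty
@@ -209,9 +205,6 @@
             XHTMLErrorView(req, NotFound(), e[0]).render(req)
 
         return req.OK
-    finally:
-        # Make sure we close the store.
-        req.cleanup()
 
 def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
     """
@@ -227,7 +220,14 @@
     logfile = os.path.join(config['paths']['logs'], 'ivle_error.log')
     logfail = False
 
-    req.status = mod_python.apache.HTTP_INTERNAL_SERVER_ERROR
+    # XXX: This remains here for ivle.interpret's IVLEErrors. Once we rewrite
+    #      fileservice, req.status should always be 500 (ISE) here.
+    try:
+        httpcode = exc_value.httpcode
+        req.status = httpcode
+    except AttributeError:
+        httpcode = None
+        req.status = mod_python.apache.HTTP_INTERNAL_SERVER_ERROR
 
     try:
         publicmode = req.publicmode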
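Review bot: With the hunk at old lines 151–162 applied, `view.render(req)` runs for non-GET requests without any same-origin check: the Referer comparison that raised `BadRequest` for cross-site posts is dropped, and nothing visible in this file replaces it. Unless CSRF protection is enforced somewhere not shown here, state-changing views become reachable from third-party pages, so the check should stay ahead of the render call, which also means keeping `import urlparse` and the `BadRequest` import that the first two hunks remove. The version below assumes views still expose `offsite_posts_allowed` and parses the already-fetched header once instead of calling `req.headers_in.get('Referer')` twice. The commit message describes userservice group privileges rather than this dispatcher change, so it is worth confirming that the page shows the diff in the intended direction. The enclosing function starts and ends outside these hunks.

```python
                    raise Unauthorized()

            # Reject cross-site non-GET requests before rendering (CSRF).
            referer = req.headers_in.get('Referer')
            same_site = (referer is not None and
                         urlparse.urlparse(referer).netloc == req.hostname)
            if (not same_site and req.method != 'GET' and
                    not view.offsite_posts_allowed):
                raise BadRequest(
                    "Non-GET requests from external sites are forbidden "
                    "for security reasons.")

            # ... unchanged: view.render(req) and the except handlers ...
```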