43
41
from ivle import util
46
43
from ivle.dispatch.request import Request
47
from ivle.dispatch import login
48
from ivle.webapp.base.plugins import ViewPlugin
49
from ivle.webapp.errors import HTTPError, Unauthorized
53
# XXX List of plugins, which will eventually be read in from conf
55
'ivle.webapp.core#Plugin',
56
'ivle.webapp.admin.user#Plugin',
57
'ivle.webapp.tutorial#Plugin',
58
'ivle.webapp.admin.subject#Plugin',
59
'ivle.webapp.filesystem.browser#Plugin',
60
'ivle.webapp.filesystem.diff#Plugin',
61
'ivle.webapp.filesystem.svnlog#Plugin',
62
'ivle.webapp.filesystem.serve#Plugin',
63
'ivle.webapp.groups#Plugin',
64
'ivle.webapp.console#Plugin',
65
'ivle.webapp.security#Plugin',
66
'ivle.webapp.media#Plugin',
67
'ivle.webapp.forum#Plugin',
68
'ivle.webapp.help#Plugin',
69
'ivle.webapp.tos#Plugin',
70
'ivle.webapp.userservice#Plugin',
73
def generate_route_mapper(view_plugins):
44
import ivle.webapp.security
45
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
46
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
47
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
48
from ivle.webapp.publisher import Publisher, PublishingError
49
from ivle.webapp import ApplicationRoot
51
config = ivle.config.Config()
53
class ObjectPermissionCheckingPublisher(Publisher):
54
"""A specialised publisher that checks object permissions.
56
This publisher verifies that the user holds any permission at all
57
on the model objects through which the resolution path passes. If
58
no permission is held, resolution is aborted with an Unauthorized
61
IMPORTANT: This does NOT check view permissions. It only checks
62
the objects in between the root and the view, exclusive!
65
def traversed_to_object(self, obj):
66
"""Check that the user has any permission at all over the object."""
67
if (hasattr(obj, 'get_permissions') and
68
len(obj.get_permissions(self.root.user, config)) == 0):
69
# Indicate the forbidden object if this is an admin.
70
if self.root.user and self.root.user.admin:
71
raise Unauthorized('Unauthorized: %s' % obj)
76
def generate_publisher(view_plugins, root, publicmode=False):
75
78
Build a Mapper object for doing URL matching using 'routes', based on the
76
79
given plugin registry.
78
m = routes.Mapper(explicit=True)
81
r = ObjectPermissionCheckingPublisher(root=root)
83
r.add_set_switch('api', 'api')
86
view_attr = 'public_views'
87
forward_route_attr = 'public_forward_routes'
88
reverse_route_attr = 'public_reverse_routes'
91
forward_route_attr = 'forward_routes'
92
reverse_route_attr = 'reverse_routes'
79
95
for plugin in view_plugins:
80
# Establish a URL pattern for each element of plugin.urls
81
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
82
for url in plugin.urls:
85
kwargs_dict = url[2] if len(url) >= 3 else {}
86
m.connect(routex, view=view_class, **kwargs_dict)
89
def get_plugin(pluginstr):
90
plugin_path, classname = pluginstr.split('#')
91
# Load the plugin module from somewhere in the Python path
92
# (Note that plugin_path is a fully-qualified Python module name).
94
getattr(__import__(plugin_path, fromlist=[classname]), classname))
97
"""Handles a request which may be to anywhere in the site except media.
96
if hasattr(plugin, forward_route_attr):
97
for fr in getattr(plugin, forward_route_attr):
98
# An annotated function can also be passed in directly.
99
if hasattr(fr, '_forward_route_meta'):
100
r.add_forward_func(fr)
104
if hasattr(plugin, reverse_route_attr):
105
for rr in getattr(plugin, reverse_route_attr):
106
# An annotated function can also be passed in directly.
107
if hasattr(rr, '_reverse_route_src'):
108
r.add_reverse_func(rr)
112
if hasattr(plugin, view_attr):
113
for v in getattr(plugin, view_attr):
118
def handler(apachereq):
119
"""Handles an HTTP request.
98
121
Intended to be called by mod_python, as a handler.
100
req: An Apache request object.
102
# Make the request object into an IVLE request which can be passed to apps
105
req = Request(req, html.write_html_head)
107
# Pass the apachereq to error reporter, since ivle req isn't created
109
handle_unknown_exception(apachereq, *sys.exc_info())
110
# Tell Apache not to generate its own errors as well
111
return mod_python.apache.OK
113
# Run the main handler, and catch all exceptions
115
return handler_(req, apachereq)
116
except mod_python.apache.SERVER_RETURN:
117
# An apache error. We discourage these, but they might still happen.
121
handle_unknown_exception(req, *sys.exc_info())
122
# Tell Apache not to generate its own errors as well
123
return mod_python.apache.OK
125
def handler_(req, apachereq):
127
Nested handler function. May raise exceptions. The top-level handler is
128
just used to catch exceptions.
129
Takes both an IVLE request and an Apache req.
123
@param apachereq: An Apache request object.
125
# Make the request object into an IVLE request which can be given to views
126
req = Request(apachereq, config)
131
128
# Hack? Try and get the user login early just in case we throw an error
132
129
# (most likely 404) to stop us seeing not logged in even when we are.
133
130
if not req.publicmode:
134
user = login.get_user_details(req)
131
user = ivle.webapp.security.get_user_details(req)
136
133
# Don't set the user if it is disabled or hasn't accepted the ToS.
137
134
if user and user.valid:
140
### BEGIN New plugins framework ###
141
# XXX This should be done ONCE per Python process, not per request.
143
req.plugins = dict([get_plugin(pluginstr) for pluginstr in plugins_HACK])
144
# Index the plugins by base class
145
req.plugin_index = {}
146
for plugin in req.plugins.values():
147
# Getmro returns a tuple of all the super-classes of the plugin
148
for base in inspect.getmro(plugin):
149
if base not in req.plugin_index:
150
req.plugin_index[base] = []
151
req.plugin_index[base].append(plugin)
152
req.reverse_plugins = dict([(v, k) for (k, v) in req.plugins.items()])
153
req.mapper = generate_route_mapper(req.plugin_index[ViewPlugin])
137
req.publisher = generate_publisher(
138
config.plugin_index[ViewPlugin],
139
ApplicationRoot(req.config, req.store, req.user),
140
publicmode=req.publicmode)
155
matchdict = req.mapper.match(req.uri)
156
if matchdict is not None:
157
viewcls = matchdict['view']
158
# Get the remaining arguments, less 'view', 'action' and 'controller'
159
# (The latter two seem to be built-in, and we don't want them).
160
kwargs = matchdict.copy()
143
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
145
# We 404 if we have a subpath but the view forbids it.
146
if not viewcls.subpath_allowed and subpath:
163
149
# Instantiate the view, which should be a BaseView class
164
view = viewcls(req, **kwargs)
150
view = viewcls(req, obj, subpath)
166
152
# Check that the request (mainly the user) is permitted to access
168
154
if not view.authorize(req):
155
# Indicate the forbidden object if this is an admin.
156
if req.user and req.user.admin:
157
raise Unauthorized('Unauthorized: %s' % view)
170
160
# Render the output
172
162
except HTTPError, e:
196
191
req.store.commit()
198
### END New plugins framework ###
200
# Check req.app to see if it is valid. 404 if not.
201
if req.app is not None and req.app not in ivle.conf.apps.app_url:
202
req.throw_error(Request.HTTP_NOT_FOUND,
203
"There is no application called %s." % repr(req.app))
205
# Special handling for public mode - only allow the public app, call it
207
# NOTE: This will not behave correctly if the public app uses
208
# write_html_head_foot, but "serve" does not.
210
if req.app != ivle.conf.apps.public_app:
211
req.throw_error(Request.HTTP_FORBIDDEN,
212
"This application is not available on the public site.")
213
app = ivle.conf.apps.app_url[ivle.conf.apps.public_app]
214
apps.call_app(app.dir, req)
193
except Unauthorized, e:
194
# Resolution failed due to a permission check. Display a pretty
195
# error, or maybe a login page.
196
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
217
# app is the App object for the chosen app
219
app = ivle.conf.apps.app_url[ivle.conf.apps.default_app]
221
app = ivle.conf.apps.app_url[req.app]
223
# Check if app requires auth. If so, perform authentication and login.
224
# This will either return a User object, None, or perform a redirect
225
# which we will not catch here.
227
logged_in = req.user is not None
231
assert logged_in # XXX
234
# Keep the user's session alive by writing to the session object.
235
# req.get_session().save()
236
# Well, it's a fine idea, but it creates considerable grief in the
237
# concurrent update department, so instead, we'll just make the
238
# sessions not time out.
239
req.get_session().unlock()
241
# If user did not specify an app, HTTP redirect to default app and
244
req.throw_redirect(util.make_path(ivle.conf.apps.default_app))
246
# Set the default title to the app's tab name, if any. Otherwise URL
248
if app.name is not None:
198
except PublishingError, e:
201
if req.user and req.user.admin:
202
XHTMLErrorView(req, NotFound('Not found: ' +
203
str(e.args)), e[0]).render(req)
253
# Call the specified app with the request object
254
apps.call_app(app.dir, req)
256
# if not logged in, login.login will have written the login box.
257
# Just clean up and exit.
259
# MAKE SURE we write the HTTP (and possibly HTML) header. This
260
# wouldn't happen if nothing else ever got written, so we have to make
262
req.ensure_headers_written()
264
# When done, write out the HTML footer if the app has requested it
265
if req.write_html_head_foot:
266
html.write_html_foot(req)
268
# Note: Apache will not write custom HTML error messages here.
269
# Use req.throw_error to do that.
205
XHTMLErrorView(req, NotFound(), e[0]).render(req)
272
211
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
328
logging.debug('Logging Unhandled Exception')
330
# We handle 3 types of error.
331
# IVLEErrors with 4xx response codes (client error).
332
# IVLEErrors with 5xx response codes (handled server error).
333
# Other exceptions (unhandled server error).
334
# IVLEErrors should not have other response codes than 4xx or 5xx
335
# (eg. throw_redirect should have been used for 3xx codes).
336
# Therefore, that is treated as an unhandled error.
338
if (exc_type == util.IVLEError and httpcode >= 400
339
and httpcode <= 499):
340
# IVLEErrors with 4xx response codes are client errors.
341
# Therefore, these have a "nice" response (we even coat it in the IVLE
344
req.write_html_head_foot = True
345
req.write_javascript_settings = False
346
req.write('<div id="ivle_padding">\n')
348
codename, msg = req.get_http_codename(httpcode)
349
except AttributeError:
350
codename, msg = None, None
351
# Override the default message with the supplied one,
353
if exc_value.message is not None:
354
msg = exc_value.message
355
if codename is not None:
356
req.write("<h1>Error: %s</h1>\n" % cgi.escape(codename))
358
req.write("<h1>Error</h1>\n")
360
req.write("<p>%s</p>\n" % cgi.escape(msg))
362
req.write("<p>An unknown error occured.</p>\n")
365
logging.info(str(msg))
367
req.write("<p>(HTTP error code %d)</p>\n" % httpcode)
369
req.write("<p>Warning: Could not open Error Log: '%s'</p>\n"
370
%cgi.escape(logfile))
371
req.write('</div>\n')
372
html.write_html_foot(req)
258
# A "bad" error message. We shouldn't get here unless IVLE
259
# misbehaves (which is currently very easy, if things aren't set up
261
# Write the traceback.
263
# We need to special-case IVLEJailError, as we can get another
264
# almost-exception out of it.
265
if exc_type is util.IVLEJailError:
266
tb = 'Exception information extracted from IVLEJailError:\n'
267
tb += urllib.unquote(exc_value.info)
374
# A "bad" error message. We shouldn't get here unless IVLE
375
# misbehaves (which is currently very easy, if things aren't set up
377
# Write the traceback.
378
# If this is a non-4xx IVLEError, get the message and httpcode and
379
# make the error message a bit nicer (but still include the
381
# We also need to special-case IVLEJailError, as we can get another
382
# almost-exception out of it.
384
codename, msg = None, None
386
if exc_type is util.IVLEJailError:
387
msg = exc_value.type_str + ": " + exc_value.message
388
tb = 'Exception information extracted from IVLEJailError:\n'
389
tb += urllib.unquote(exc_value.info)
392
codename, msg = req.get_http_codename(httpcode)
393
except AttributeError:
395
# Override the default message with the supplied one,
397
if hasattr(exc_value, 'message') and exc_value.message is not None:
398
msg = exc_value.message
399
# Prepend the exception type
400
if exc_type != util.IVLEError:
401
msg = exc_type.__name__ + ": " + msg
403
tb = ''.join(traceback.format_exception(exc_type, exc_value,
407
logging.error('%s\n%s'%(str(msg), tb))
408
# Error messages are only displayed is the user is NOT a student,
409
# or if there has been a problem logging the error message
410
show_errors = (not publicmode) and ((login and \
411
str(role) != "student") or logfail)
412
req.write("""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
269
tb = ''.join(traceback.format_exception(exc_type, exc_value,
272
logging.error('\n' + tb)
274
# Error messages are only displayed is the user is NOT a student,
275
# or if there has been a problem logging the error message
276
show_errors = (not publicmode) and ((login and req.user.admin) or logfail)
277
req.write("""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
413
278
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
414
279
<html xmlns="http://www.w3.org/1999/xhtml">
415
280
<head><title>IVLE Internal Server Error</title></head>
417
<h1>IVLE Internal Server Error""")
419
if (codename is not None
420
and httpcode != mod_python.apache.HTTP_INTERNAL_SERVER_ERROR):
421
req.write(": %s" % cgi.escape(codename))
282
<h1>IVLE Internal Server Error</h1>
424
283
<p>An error has occured which is the fault of the IVLE developers or
425
administration. The developers have been notified.</p>
429
req.write("<p>%s</p>\n" % cgi.escape(msg))
430
if httpcode is not None:
431
req.write("<p>(HTTP error code %d)</p>\n" % httpcode)
433
<p>Please report this to <a href="mailto:%s">%s</a> (the system
434
administrator). Include the following information:</p>
435
""" % (cgi.escape(admin_email), cgi.escape(admin_email)))
437
req.write("<pre>\n%s\n</pre>\n"%cgi.escape(tb))
439
req.write("<p>Warning: Could not open Error Log: '%s'</p>\n"
440
%cgi.escape(logfile))
441
req.write("</body></html>")
287
req.write("Please report this issue to the server administrators, "
288
"along with the following information.")
290
req.write("Details have been logged for further examination.")
294
req.write("<h2>Debugging information</h2>")
295
req.write("<pre>\n%s\n</pre>\n"%cgi.escape(tb))
296
req.write("</body></html>")
added
removed
ivle/dispatch/__init__.py
