45
50
import ivle.webapp.security
46
51
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
47
52
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
48
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
53
from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
54
from ivle.webapp.publisher import Publisher, PublishingError
55
from ivle.webapp import ApplicationRoot
50
57
config = ivle.config.Config()
52
def generate_router(view_plugins, attr):
59
class ObjectPermissionCheckingPublisher(Publisher):
60
"""A specialised publisher that checks object permissions.
62
This publisher verifies that the user holds any permission at all
63
on the model objects through which the resolution path passes. If
64
no permission is held, resolution is aborted with an Unauthorized
67
IMPORTANT: This does NOT check view permissions. It only checks
68
the objects in between the root and the view, exclusive!
71
def traversed_to_object(self, obj):
72
"""Check that the user has any permission at all over the object."""
73
if (hasattr(obj, 'get_permissions') and
74
len(obj.get_permissions(self.root.user, config)) == 0):
75
# Indicate the forbidden object if this is an admin.
76
if self.root.user and self.root.user.admin:
77
raise Unauthorized('Unauthorized: %s' % obj)
82
def generate_publisher(view_plugins, root, publicmode=False):
54
84
Build a Mapper object for doing URL matching using 'routes', based on the
55
85
given plugin registry.
57
m = routes.Mapper(explicit=True)
87
r = ObjectPermissionCheckingPublisher(root=root)
89
r.add_set_switch('api', 'api')
92
view_attr = 'public_views'
93
forward_route_attr = 'public_forward_routes'
94
reverse_route_attr = 'public_reverse_routes'
97
forward_route_attr = 'forward_routes'
98
reverse_route_attr = 'reverse_routes'
58
101
for plugin in view_plugins:
59
# Establish a URL pattern for each element of plugin.urls
60
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
61
for url in getattr(plugin, attr):
64
kwargs_dict = url[2] if len(url) >= 3 else {}
65
m.connect(routex, view=view_class, **kwargs_dict)
102
if hasattr(plugin, forward_route_attr):
103
for fr in getattr(plugin, forward_route_attr):
104
# An annotated function can also be passed in directly.
105
if hasattr(fr, '_forward_route_meta'):
106
r.add_forward_func(fr)
110
if hasattr(plugin, reverse_route_attr):
111
for rr in getattr(plugin, reverse_route_attr):
112
# An annotated function can also be passed in directly.
113
if hasattr(rr, '_reverse_route_src'):
114
r.add_reverse_func(rr)
118
if hasattr(plugin, view_attr):
119
for v in getattr(plugin, view_attr):
68
124
def handler(apachereq):
69
125
"""Handles an HTTP request.
75
131
# Make the request object into an IVLE request which can be given to views
76
132
req = Request(apachereq, config)
78
# Hack? Try and get the user login early just in case we throw an error
79
# (most likely 404) to stop us seeing not logged in even when we are.
80
if not req.publicmode:
81
user = ivle.webapp.security.get_user_details(req)
83
# Don't set the user if it is disabled or hasn't accepted the ToS.
84
if user and user.valid:
88
req.mapper = generate_router(config.plugin_index[PublicViewPlugin],
91
req.mapper = generate_router(config.plugin_index[ViewPlugin], 'urls')
93
matchdict = req.mapper.match(req.uri)
94
if matchdict is not None:
95
viewcls = matchdict['view']
96
# Get the remaining arguments, less 'view', 'action' and 'controller'
97
# (The latter two seem to be built-in, and we don't want them).
98
kwargs = matchdict.copy()
134
req.publisher = generate_publisher(
135
config.plugin_index[ViewPlugin], ApplicationRoot(req),
136
publicmode=req.publicmode)
139
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
141
# We 404 if we have a subpath but the view forbids it.
142
if not viewcls.subpath_allowed and subpath:
101
145
# Instantiate the view, which should be a BaseView class
102
view = viewcls(req, **kwargs)
146
view = viewcls(req, obj, subpath)
104
148
# Check that the request (mainly the user) is permitted to access
106
150
if not view.authorize(req):
151
# Indicate the forbidden object if this is an admin.
152
if req.user and req.user.admin:
153
raise Unauthorized('Unauthorized: %s' % view)
157
# Non-GET requests from other sites leave us vulnerable to
159
referer = req.headers_in.get('Referer')
160
if (referer is None or
161
urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
163
if req.method != 'GET' and not view.offsite_posts_allowed:
165
"Non-GET requests from external sites are forbidden "
166
"for security reasons.")
108
168
# Render the output
110
170
except HTTPError, e:
136
196
handle_unknown_exception(req, *sys.exc_info())
199
# Commit the transaction if we have a store open.
142
XHTMLErrorView(req, NotFound()).render(req)
202
except Unauthorized, e:
203
# Resolution failed due to a permission check. Display a pretty
204
# error, or maybe a login page.
205
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
207
except PublishingError, e:
210
if req.user and req.user.admin:
211
XHTMLErrorView(req, NotFound('Not found: ' +
212
str(e.args)), e[0]).render(req)
214
XHTMLErrorView(req, NotFound(), e[0]).render(req)
218
# Make sure we close the store.
145
221
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):