42
42
from ivle import util
44
44
from ivle.dispatch.request import Request
45
45
import ivle.webapp.security
46
46
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
47
47
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
48
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
50
def generate_route_mapper(view_plugins, attr):
48
from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
49
from ivle.webapp.publisher import Publisher, PublishingError
50
from ivle.webapp import ApplicationRoot
52
config = ivle.config.Config()
54
class ObjectPermissionCheckingPublisher(Publisher):
55
"""A specialised publisher that checks object permissions.
57
This publisher verifies that the user holds any permission at all
58
on the model objects through which the resolution path passes. If
59
no permission is held, resolution is aborted with an Unauthorized
62
IMPORTANT: This does NOT check view permissions. It only checks
63
the objects in between the root and the view, exclusive!
66
def traversed_to_object(self, obj):
67
"""Check that the user has any permission at all over the object."""
68
if (hasattr(obj, 'get_permissions') and
69
len(obj.get_permissions(self.root.user, config)) == 0):
70
# Indicate the forbidden object if this is an admin.
71
if self.root.user and self.root.user.admin:
72
raise Unauthorized('Unauthorized: %s' % obj)
77
def generate_publisher(view_plugins, root, publicmode=False):
52
79
Build a Mapper object for doing URL matching using 'routes', based on the
53
80
given plugin registry.
55
m = routes.Mapper(explicit=True)
82
r = ObjectPermissionCheckingPublisher(root=root)
84
r.add_set_switch('api', 'api')
87
view_attr = 'public_views'
88
forward_route_attr = 'public_forward_routes'
89
reverse_route_attr = 'public_reverse_routes'
92
forward_route_attr = 'forward_routes'
93
reverse_route_attr = 'reverse_routes'
56
96
for plugin in view_plugins:
57
# Establish a URL pattern for each element of plugin.urls
58
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
59
for url in getattr(plugin, attr):
62
kwargs_dict = url[2] if len(url) >= 3 else {}
63
m.connect(routex, view=view_class, **kwargs_dict)
97
if hasattr(plugin, forward_route_attr):
98
for fr in getattr(plugin, forward_route_attr):
99
# An annotated function can also be passed in directly.
100
if hasattr(fr, '_forward_route_meta'):
101
r.add_forward_func(fr)
105
if hasattr(plugin, reverse_route_attr):
106
for rr in getattr(plugin, reverse_route_attr):
107
# An annotated function can also be passed in directly.
108
if hasattr(rr, '_reverse_route_src'):
109
r.add_reverse_func(rr)
113
if hasattr(plugin, view_attr):
114
for v in getattr(plugin, view_attr):
66
119
def handler(apachereq):
67
120
"""Handles an HTTP request.
71
124
@param apachereq: An Apache request object.
73
126
# Make the request object into an IVLE request which can be given to views
74
req = Request(apachereq)
76
# Hack? Try and get the user login early just in case we throw an error
77
# (most likely 404) to stop us seeing not logged in even when we are.
78
if not req.publicmode:
79
user = ivle.webapp.security.get_user_details(req)
81
# Don't set the user if it is disabled or hasn't accepted the ToS.
82
if user and user.valid:
85
conf = ivle.config.Config()
89
req.mapper = generate_route_mapper(conf.plugin_index[PublicViewPlugin],
92
req.mapper = generate_route_mapper(conf.plugin_index[ViewPlugin],
95
matchdict = req.mapper.match(req.uri)
96
if matchdict is not None:
97
viewcls = matchdict['view']
98
# Get the remaining arguments, less 'view', 'action' and 'controller'
99
# (The latter two seem to be built-in, and we don't want them).
100
kwargs = matchdict.copy()
127
req = Request(apachereq, config)
129
req.publisher = generate_publisher(
130
config.plugin_index[ViewPlugin], ApplicationRoot(req),
131
publicmode=req.publicmode)
134
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
136
# We 404 if we have a subpath but the view forbids it.
137
if not viewcls.subpath_allowed and subpath:
103
140
# Instantiate the view, which should be a BaseView class
104
view = viewcls(req, **kwargs)
141
view = viewcls(req, obj, subpath)
106
143
# Check that the request (mainly the user) is permitted to access
108
145
if not view.authorize(req):
146
# Indicate the forbidden object if this is an admin.
147
if req.user and req.user.admin:
148
raise Unauthorized('Unauthorized: %s' % view)
152
# Non-GET requests from other sites leave us vulnerable to
154
referer = req.headers_in.get('Referer')
155
if (referer is None or
156
urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
158
if req.method != 'GET' and not view.offsite_posts_allowed:
160
"Non-GET requests from external sites are forbidden "
161
"for security reasons.")
110
163
# Render the output
112
165
except HTTPError, e:
184
except mod_python.apache.SERVER_RETURN:
185
# A mod_python-specific Apache error.
186
# XXX: We need to raise these because req.throw_error() uses them.
187
# Remove this after Google Code issue 117 is fixed.
131
189
except Exception, e:
132
190
# A non-HTTPError appeared. We have an unknown exception. Panic.
133
191
handle_unknown_exception(req, *sys.exc_info())
194
# Commit the transaction if we have a store open.
139
XHTMLErrorView(req, NotFound()).render(req)
197
except Unauthorized, e:
198
# Resolution failed due to a permission check. Display a pretty
199
# error, or maybe a login page.
200
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
202
except PublishingError, e:
205
if req.user and req.user.admin:
206
XHTMLErrorView(req, NotFound('Not found: ' +
207
str(e.args)), e[0]).render(req)
209
XHTMLErrorView(req, NotFound(), e[0]).render(req)
213
# Make sure we close the store.
142
216
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
190
257
# misbehaves (which is currently very easy, if things aren't set up
192
259
# Write the traceback.
193
# If this is a non-4xx IVLEError, get the message and httpcode and
194
# make the error message a bit nicer (but still include the
196
# We also need to special-case IVLEJailError, as we can get another
261
# We need to special-case IVLEJailError, as we can get another
197
262
# almost-exception out of it.
199
codename, msg = None, None
201
263
if exc_type is util.IVLEJailError:
202
msg = exc_value.type_str + ": " + exc_value.message
203
264
tb = 'Exception information extracted from IVLEJailError:\n'
204
265
tb += urllib.unquote(exc_value.info)
207
codename, msg = req.get_http_codename(httpcode)
208
except AttributeError:
211
267
tb = ''.join(traceback.format_exception(exc_type, exc_value,
214
logging.error('%s\n%s'%(str(msg), tb))
270
logging.error('\n' + tb)
216
272
# Error messages are only displayed is the user is NOT a student,
217
273
# or if there has been a problem logging the error message
218
show_errors = (not publicmode) and ((login and \
219
str(role) != "student") or logfail)
274
show_errors = (not publicmode) and ((login and req.user.admin) or logfail)
220
275
req.write("""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
221
276
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
222
277
<html xmlns="http://www.w3.org/1999/xhtml">
223
278
<head><title>IVLE Internal Server Error</title></head>
225
<h1>IVLE Internal Server Error""")
227
if codename is not None and \
228
httpcode != mod_python.apache.HTTP_INTERNAL_SERVER_ERROR:
229
req.write(": %s" % cgi.escape(codename))
280
<h1>IVLE Internal Server Error</h1>
232
281
<p>An error has occured which is the fault of the IVLE developers or
233
282
administrators. """)