annotate roundup/xmlrpc.py @ 5852:44b6a79f4e70 maint-1.6

pyme no longer exists at pypi. Try using the git repo of record so we can run the tests on this year old tree. Right after this release in mid 2018, pyme was depricated on 2018-10-16.
author John Rouillard <rouilj@ieee.org>
date Wed, 21 Aug 2019 20:59:32 -0400
parents db8659c4e8eb
children 35ea9b1efc14
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
1 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
2 # Copyright (C) 2007 Stefan Seefeld
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
3 # All rights reserved.
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
4 # For license terms see the file COPYING.txt.
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
5 #
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
6
5326
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
7 import logging
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
8 from roundup import hyperdb
5072
1c792cf0a574 Remove 'import *' statement from xmlrpc.py
John Kristensen <john@jerrykan.com>
parents: 5012
diff changeset
9 from roundup.exceptions import Unauthorised, UsageError
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
10 from roundup.date import Date, Range, Interval
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
11 from roundup import actions
5072
1c792cf0a574 Remove 'import *' statement from xmlrpc.py
John Kristensen <john@jerrykan.com>
parents: 5012
diff changeset
12 from SimpleXMLRPCServer import SimpleXMLRPCDispatcher
4371
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
13 from xmlrpclib import Binary
5326
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
14 from traceback import format_exc
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
15
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
16 def translate(value):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
17 """Translate value to becomes valid for XMLRPC transmission."""
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
18
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
19 if isinstance(value, (Date, Range, Interval)):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
20 return repr(value)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
21 elif type(value) is list:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
22 return [translate(v) for v in value]
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
23 elif type(value) is tuple:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
24 return tuple([translate(v) for v in value])
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
25 elif type(value) is dict:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
26 return dict([[translate(k), translate(value[k])] for k in value])
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
27 else:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
28 return value
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
29
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
30
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
31 def props_from_args(db, cl, args, itemid=None):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
32 """Construct a list of properties from the given arguments,
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
33 and return them after validation."""
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
34
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
35 props = {}
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
36 for arg in args:
4371
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
37 if isinstance(arg, Binary):
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
38 arg = arg.data
4369
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
39 try :
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
40 key, value = arg.split('=', 1)
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
41 except ValueError :
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
42 raise UsageError, 'argument "%s" not propname=value'%arg
4371
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
43 if isinstance(key, unicode):
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
44 try:
4369
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
45 key = key.encode ('ascii')
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
46 except UnicodeEncodeError:
2188c9de5bdd xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4311
diff changeset
47 raise UsageError, 'argument %r is no valid ascii keyword'%key
4371
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
48 if isinstance(value, unicode):
40d7414592ac - fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4369
diff changeset
49 value = value.encode('utf-8')
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
50 if value:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
51 try:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
52 props[key] = hyperdb.rawToHyperdb(db, cl, itemid,
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
53 key, value)
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5072
diff changeset
54 except hyperdb.HyperdbValueError as message:
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
55 raise UsageError, message
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
56 else:
5326
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
57 # If we're syncing a file the contents may not be None
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
58 if key == 'content':
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
59 props[key] = ''
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
60 else:
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
61 props[key] = None
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
62
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
63 return props
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
64
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
65 class RoundupInstance:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
66 """The RoundupInstance provides the interface accessible through
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
67 the Python XMLRPC mapping."""
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
68
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
69 def __init__(self, db, actions, translator):
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
70
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
71 self.db = db
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
72 self.actions = actions
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
73 self.translator = translator
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
74
4140
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
75 def schema(self):
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
76 s = {}
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
77 for c in self.db.classes:
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
78 cls = self.db.classes[c]
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
79 props = [(n,repr(v)) for n,v in cls.properties.items()]
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
80 s[c] = props
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
81 return s
3c4545f55949 Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents: 4124
diff changeset
82
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
83 def list(self, classname, propname=None):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
84 cl = self.db.getclass(classname)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
85 if not propname:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
86 propname = cl.labelprop()
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
87 result = [cl.get(itemid, propname)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
88 for itemid in cl.list()
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
89 if self.db.security.hasPermission('View', self.db.getuid(),
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
90 classname, propname, itemid)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
91 ]
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
92 return result
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
93
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
94 def filter(self, classname, search_matches, filterspec,
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
95 sort=[], group=[]):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
96 cl = self.db.getclass(classname)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
97 uid = self.db.getuid()
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
98 security = self.db.security
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
99 filterspec = security.filterFilterspec (uid, classname, filterspec)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
100 sort = security.filterSortspec (uid, classname, sort)
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
101 group = security.filterSortspec (uid, classname, group)
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
102 result = cl.filter(search_matches, filterspec, sort=sort, group=group)
4437
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
103 check = security.hasPermission
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
104 x = [id for id in result if check('View', uid, classname, itemid=id)]
261c9f913ff7 - Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4371
diff changeset
105 return x
3985
f7f3068b32a1 Add filter() to XML-RPC interface [SF#966456]
Richard Jones <richard@users.sourceforge.net>
parents: 3973
diff changeset
106
4449
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
107 def lookup(self, classname, key):
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
108 cl = self.db.getclass(classname)
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
109 uid = self.db.getuid()
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
110 prop = cl.getkey()
4670
c9b85ca1f985 Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4449
diff changeset
111 search = self.db.security.hasSearchPermission
c9b85ca1f985 Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4449
diff changeset
112 access = self.db.security.hasPermission
c9b85ca1f985 Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4449
diff changeset
113 if (not search(uid, classname, prop)
c9b85ca1f985 Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4449
diff changeset
114 and not access('View', uid, classname, prop)):
c9b85ca1f985 Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4449
diff changeset
115 raise Unauthorised('Permission to lookup %s denied'%classname)
4449
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
116 return cl.lookup(key)
3f251efd5f48 Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4437
diff changeset
117
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
118 def display(self, designator, *properties):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
119 classname, itemid = hyperdb.splitDesignator(designator)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
120 cl = self.db.getclass(classname)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
121 props = properties and list(properties) or cl.properties.keys()
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
122 props.sort()
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
123 for p in props:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
124 if not self.db.security.hasPermission('View', self.db.getuid(),
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
125 classname, p, itemid):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
126 raise Unauthorised('Permission to view %s of %s denied'%
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
127 (p, designator))
3973
85cbaa50eba1 xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents: 3937
diff changeset
128 result = [(prop, cl.get(itemid, prop)) for prop in props]
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
129 return dict(result)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
130
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
131 def create(self, classname, *args):
4124
0ad79301f055 Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents: 4083
diff changeset
132
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
133 if not self.db.security.hasPermission('Create', self.db.getuid(), classname):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
134 raise Unauthorised('Permission to create %s denied'%classname)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
135
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
136 cl = self.db.getclass(classname)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
137
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
138 # convert types
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
139 props = props_from_args(self.db, cl, args)
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
140
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
141 # check for the key property
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
142 key = cl.getkey()
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
143 if key and not props.has_key(key):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
144 raise UsageError, 'you must provide the "%s" property.'%key
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
145
4124
0ad79301f055 Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents: 4083
diff changeset
146 for key in props:
4311
7291130fad82 - fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4256
diff changeset
147 if not self.db.security.hasPermission('Create', self.db.getuid(),
7291130fad82 - fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4256
diff changeset
148 classname, property=key):
7291130fad82 - fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4256
diff changeset
149 raise Unauthorised('Permission to create %s.%s denied'%(classname, key))
4124
0ad79301f055 Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents: 4083
diff changeset
150
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
151 # do the actual create
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
152 try:
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
153 result = cl.create(**props)
4224
3f6cadb98c2f Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents: 4140
diff changeset
154 self.db.commit()
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5072
diff changeset
155 except (TypeError, IndexError, ValueError) as message:
5326
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
156 # The exception we get may be a real error, log the traceback if we're debugging
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
157 logger = logging.getLogger('roundup.xmlrpc')
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
158 for l in format_exc().split('\n'):
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
159 logger.debug(l)
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
160 raise UsageError (message)
3839
Stefan Seefeld <stefan@seefeld.name>
parents: 3828
diff changeset
161 return result
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
162
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
163 def set(self, designator, *args):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
164
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
165 classname, itemid = hyperdb.splitDesignator(designator)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
166 cl = self.db.getclass(classname)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
167 props = props_from_args(self.db, cl, args, itemid) # convert types
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
168 for p in props.iterkeys():
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
169 if not self.db.security.hasPermission('Edit', self.db.getuid(),
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
170 classname, p, itemid):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
171 raise Unauthorised('Permission to edit %s of %s denied'%
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
172 (p, designator))
3828
ba6ba8d6bcc1 Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff changeset
173 try:
4224
3f6cadb98c2f Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents: 4140
diff changeset
174 result = cl.set(itemid, **props)
3f6cadb98c2f Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents: 4140
diff changeset
175 self.db.commit()
5248
198b6e810c67 Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents: 5072
diff changeset
176 except (TypeError, IndexError, ValueError) as message:
5326
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
177 # The exception we get may be a real error, log the traceback if we're debugging
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
178 logger = logging.getLogger('roundup.xmlrpc')
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
179 for l in format_exc().split('\n'):
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
180 logger.debug(l)
db8659c4e8eb xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents: 5248
diff changeset
181 raise UsageError (message)
4224
3f6cadb98c2f Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents: 4140
diff changeset
182 return result
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
183
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
184
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
185 builtin_actions = {'retire': actions.Retire}
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
186
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
187 def action(self, name, *args):
4124
0ad79301f055 Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents: 4083
diff changeset
188 """Execute a named action."""
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
189
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
190 if name in self.actions:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
191 action_type = self.actions[name]
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
192 elif name in self.builtin_actions:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
193 action_type = self.builtin_actions[name]
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
194 else:
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
195 raise Exception('action "%s" is not supported %s' % (name, ','.join(self.actions.keys())))
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
196 action = action_type(self.db, self.translator)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
197 return action.execute(*args)
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
198
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
199
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
200 class RoundupDispatcher(SimpleXMLRPCDispatcher):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
201 """RoundupDispatcher bridges from cgi.client to RoundupInstance.
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
202 It expects user authentication to be done."""
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
203
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
204 def __init__(self, db, actions, translator,
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
205 allow_none=False, encoding=None):
5012
6b7f257e5de8 Simplify SimpleXMLRPCDispatcher initialisation
John Kristensen <john@jerrykan.com>
parents: 4793
diff changeset
206 SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding)
4083
bbab97f8ffb2 XMLRPC improvements:
Stefan Seefeld <stefan@seefeld.name>
parents: 4079
diff changeset
207 self.register_instance(RoundupInstance(db, actions, translator))
4793
d9e5539303bd Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4670
diff changeset
208 self.register_multicall_functions()
4079
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
209
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
210
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
211 def dispatch(self, input):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
212 return self._marshaled_dispatch(input)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
213
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
214 def _dispatch(self, method, params):
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
215
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
216 retn = SimpleXMLRPCDispatcher._dispatch(self, method, params)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
217 retn = translate(retn)
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
218 return retn
edf526c91412 * Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents: 3985
diff changeset
219

Roundup Issue Tracker: http://roundup-tracker.org/