Mercurial > p > roundup > code
annotate roundup/xmlrpc.py @ 5852:44b6a79f4e70 maint-1.6
pyme no longer exists at pypi. Try using the git repo of record
so we can run the tests on this year old tree. Right after this
release in mid 2018, pyme was depricated on 2018-10-16.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 21 Aug 2019 20:59:32 -0400 |
| parents | db8659c4e8eb |
| children | 35ea9b1efc14 |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
7 import logging |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
8 from roundup import hyperdb |
|
5072
1c792cf0a574
Remove 'import *' statement from xmlrpc.py
John Kristensen <john@jerrykan.com>
parents:
5012
diff
changeset
|
9 from roundup.exceptions import Unauthorised, UsageError |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
10 from roundup.date import Date, Range, Interval |
| 4083 | 11 from roundup import actions |
|
5072
1c792cf0a574
Remove 'import *' statement from xmlrpc.py
John Kristensen <john@jerrykan.com>
parents:
5012
diff
changeset
|
12 from SimpleXMLRPCServer import SimpleXMLRPCDispatcher |
|
4371
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
13 from xmlrpclib import Binary |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
14 from traceback import format_exc |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
15 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
16 def translate(value): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
17 """Translate value to becomes valid for XMLRPC transmission.""" |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
18 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
19 if isinstance(value, (Date, Range, Interval)): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
20 return repr(value) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
21 elif type(value) is list: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
22 return [translate(v) for v in value] |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
23 elif type(value) is tuple: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
24 return tuple([translate(v) for v in value]) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
25 elif type(value) is dict: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
26 return dict([[translate(k), translate(value[k])] for k in value]) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
27 else: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
28 return value |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
29 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
30 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
31 def props_from_args(db, cl, args, itemid=None): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
32 """Construct a list of properties from the given arguments, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
33 and return them after validation.""" |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
34 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
35 props = {} |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
36 for arg in args: |
|
4371
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
37 if isinstance(arg, Binary): |
|
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
38 arg = arg.data |
|
4369
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
39 try : |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
40 key, value = arg.split('=', 1) |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
41 except ValueError : |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
42 raise UsageError, 'argument "%s" not propname=value'%arg |
|
4371
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
43 if isinstance(key, unicode): |
|
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
44 try: |
|
4369
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
45 key = key.encode ('ascii') |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
46 except UnicodeEncodeError: |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
47 raise UsageError, 'argument %r is no valid ascii keyword'%key |
|
4371
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
48 if isinstance(value, unicode): |
|
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
49 value = value.encode('utf-8') |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
50 if value: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
51 try: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
52 props[key] = hyperdb.rawToHyperdb(db, cl, itemid, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
53 key, value) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
54 except hyperdb.HyperdbValueError as message: |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
55 raise UsageError, message |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
56 else: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
57 # If we're syncing a file the contents may not be None |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
58 if key == 'content': |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
59 props[key] = '' |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
60 else: |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
61 props[key] = None |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
62 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
63 return props |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
64 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
65 class RoundupInstance: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
66 """The RoundupInstance provides the interface accessible through |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
67 the Python XMLRPC mapping.""" |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
68 |
| 4083 | 69 def __init__(self, db, actions, translator): |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
70 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
71 self.db = db |
| 4083 | 72 self.actions = actions |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
73 self.translator = translator |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
74 |
|
4140
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
75 def schema(self): |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
76 s = {} |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
77 for c in self.db.classes: |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
78 cls = self.db.classes[c] |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
79 props = [(n,repr(v)) for n,v in cls.properties.items()] |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
80 s[c] = props |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
81 return s |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
82 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
83 def list(self, classname, propname=None): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
84 cl = self.db.getclass(classname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
85 if not propname: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
86 propname = cl.labelprop() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
87 result = [cl.get(itemid, propname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
88 for itemid in cl.list() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
89 if self.db.security.hasPermission('View', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
90 classname, propname, itemid) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
91 ] |
| 3839 | 92 return result |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
93 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
94 def filter(self, classname, search_matches, filterspec, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
95 sort=[], group=[]): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
96 cl = self.db.getclass(classname) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
97 uid = self.db.getuid() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
98 security = self.db.security |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
99 filterspec = security.filterFilterspec (uid, classname, filterspec) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
100 sort = security.filterSortspec (uid, classname, sort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
101 group = security.filterSortspec (uid, classname, group) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
102 result = cl.filter(search_matches, filterspec, sort=sort, group=group) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
103 check = security.hasPermission |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
104 x = [id for id in result if check('View', uid, classname, itemid=id)] |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
105 return x |
|
3985
f7f3068b32a1
Add filter() to XML-RPC interface [SF#966456]
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
106 |
|
4449
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
107 def lookup(self, classname, key): |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
108 cl = self.db.getclass(classname) |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
109 uid = self.db.getuid() |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
110 prop = cl.getkey() |
|
4670
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
111 search = self.db.security.hasSearchPermission |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
112 access = self.db.security.hasPermission |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
113 if (not search(uid, classname, prop) |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
114 and not access('View', uid, classname, prop)): |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
115 raise Unauthorised('Permission to lookup %s denied'%classname) |
|
4449
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
116 return cl.lookup(key) |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
117 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
118 def display(self, designator, *properties): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
119 classname, itemid = hyperdb.splitDesignator(designator) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
120 cl = self.db.getclass(classname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
121 props = properties and list(properties) or cl.properties.keys() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
122 props.sort() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
123 for p in props: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
124 if not self.db.security.hasPermission('View', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
125 classname, p, itemid): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
126 raise Unauthorised('Permission to view %s of %s denied'% |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
127 (p, designator)) |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
128 result = [(prop, cl.get(itemid, prop)) for prop in props] |
| 3839 | 129 return dict(result) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
130 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
131 def create(self, classname, *args): |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
132 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
133 if not self.db.security.hasPermission('Create', self.db.getuid(), classname): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
134 raise Unauthorised('Permission to create %s denied'%classname) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
135 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
136 cl = self.db.getclass(classname) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
137 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
138 # convert types |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
139 props = props_from_args(self.db, cl, args) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
140 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
141 # check for the key property |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
142 key = cl.getkey() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
143 if key and not props.has_key(key): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
144 raise UsageError, 'you must provide the "%s" property.'%key |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
145 |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
146 for key in props: |
|
4311
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
147 if not self.db.security.hasPermission('Create', self.db.getuid(), |
|
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
148 classname, property=key): |
|
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
149 raise Unauthorised('Permission to create %s.%s denied'%(classname, key)) |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
150 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
151 # do the actual create |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
152 try: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
153 result = cl.create(**props) |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
154 self.db.commit() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
155 except (TypeError, IndexError, ValueError) as message: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
156 # The exception we get may be a real error, log the traceback if we're debugging |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
157 logger = logging.getLogger('roundup.xmlrpc') |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
158 for l in format_exc().split('\n'): |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
159 logger.debug(l) |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
160 raise UsageError (message) |
| 3839 | 161 return result |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
162 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
163 def set(self, designator, *args): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
164 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
165 classname, itemid = hyperdb.splitDesignator(designator) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
166 cl = self.db.getclass(classname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
167 props = props_from_args(self.db, cl, args, itemid) # convert types |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
168 for p in props.iterkeys(): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
169 if not self.db.security.hasPermission('Edit', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
170 classname, p, itemid): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
171 raise Unauthorised('Permission to edit %s of %s denied'% |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
172 (p, designator)) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
173 try: |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
174 result = cl.set(itemid, **props) |
|
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
175 self.db.commit() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
176 except (TypeError, IndexError, ValueError) as message: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
177 # The exception we get may be a real error, log the traceback if we're debugging |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
178 logger = logging.getLogger('roundup.xmlrpc') |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
179 for l in format_exc().split('\n'): |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
180 logger.debug(l) |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
181 raise UsageError (message) |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
182 return result |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
183 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
184 |
| 4083 | 185 builtin_actions = {'retire': actions.Retire} |
| 186 | |
| 187 def action(self, name, *args): | |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
188 """Execute a named action.""" |
| 4083 | 189 |
| 190 if name in self.actions: | |
| 191 action_type = self.actions[name] | |
| 192 elif name in self.builtin_actions: | |
| 193 action_type = self.builtin_actions[name] | |
| 194 else: | |
| 195 raise Exception('action "%s" is not supported %s' % (name, ','.join(self.actions.keys()))) | |
| 196 action = action_type(self.db, self.translator) | |
| 197 return action.execute(*args) | |
| 198 | |
| 199 | |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
200 class RoundupDispatcher(SimpleXMLRPCDispatcher): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
201 """RoundupDispatcher bridges from cgi.client to RoundupInstance. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
202 It expects user authentication to be done.""" |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
203 |
| 4083 | 204 def __init__(self, db, actions, translator, |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
205 allow_none=False, encoding=None): |
|
5012
6b7f257e5de8
Simplify SimpleXMLRPCDispatcher initialisation
John Kristensen <john@jerrykan.com>
parents:
4793
diff
changeset
|
206 SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding) |
| 4083 | 207 self.register_instance(RoundupInstance(db, actions, translator)) |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4670
diff
changeset
|
208 self.register_multicall_functions() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
209 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
210 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
211 def dispatch(self, input): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
212 return self._marshaled_dispatch(input) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
213 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
214 def _dispatch(self, method, params): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
215 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
216 retn = SimpleXMLRPCDispatcher._dispatch(self, method, params) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
217 retn = translate(retn) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
218 return retn |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
219 |