Mercurial > p > roundup > code
annotate roundup/actions.py @ 5211:f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
In client.py: add explicit expiration of csrf tokens to
handle_csrf. There is a clean_up() that runs on every client
connection before handle)csrf is invoked, but it only cleans every
hour. With short lived tokens this is insufficient. Also remove
debugging.
In templating.py fix values for seconds/week and minutes per week. The
original values were shifted/transposed and an order of magnitude off.
In test_templating.py again fix seconds/week constant.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 19 Mar 2017 17:10:13 -0400 |
| parents | a7541077cf12 |
| children | ed02a1e0aa5d |
| rev | line source |
|---|---|
| 4083 | 1 # |
| 2 # Copyright (C) 2009 Stefan Seefeld | |
| 3 # All rights reserved. | |
| 4 # For license terms see the file COPYING.txt. | |
| 5 # | |
| 6 | |
|
5071
a7541077cf12
Remove 'import *' statement from actions.py
John Kristensen <john@jerrykan.com>
parents:
4357
diff
changeset
|
7 from roundup.exceptions import Unauthorised |
| 4083 | 8 from roundup import hyperdb |
| 9 from roundup.i18n import _ | |
| 10 | |
| 11 class Action: | |
| 12 def __init__(self, db, translator): | |
| 13 self.db = db | |
| 14 self.translator = translator | |
| 15 | |
| 16 def handle(self, *args): | |
| 17 """Action handler procedure""" | |
| 18 raise NotImplementedError | |
| 19 | |
| 20 def execute(self, *args): | |
| 21 """Execute the action specified by this object.""" | |
| 22 | |
| 23 self.permission(*args) | |
| 24 return self.handle(*args) | |
| 25 | |
| 26 | |
| 27 def permission(self, *args): | |
| 28 """Check whether the user has permission to execute this action. | |
| 29 | |
| 30 If not, raise Unauthorised.""" | |
| 31 | |
| 32 pass | |
| 33 | |
| 34 | |
| 35 def gettext(self, msgid): | |
| 36 """Return the localized translation of msgid""" | |
| 37 return self.translator.gettext(msgid) | |
| 38 | |
| 39 | |
| 40 _ = gettext | |
| 41 | |
| 42 | |
| 43 class Retire(Action): | |
| 44 | |
| 45 def handle(self, designator): | |
| 46 | |
| 47 classname, itemid = hyperdb.splitDesignator(designator) | |
| 48 | |
| 49 # make sure we don't try to retire admin or anonymous | |
| 50 if (classname == 'user' and | |
| 51 self.db.user.get(itemid, 'username') in ('admin', 'anonymous')): | |
|
4357
13b3155869e0
Beginnings of a big code cleanup / modernisation to make 2to3 happy
Richard Jones <richard@users.sourceforge.net>
parents:
4125
diff
changeset
|
52 raise ValueError(self._( |
|
13b3155869e0
Beginnings of a big code cleanup / modernisation to make 2to3 happy
Richard Jones <richard@users.sourceforge.net>
parents:
4125
diff
changeset
|
53 'You may not retire the admin or anonymous user')) |
| 4083 | 54 |
| 55 # do the retire | |
| 56 self.db.getclass(classname).retire(itemid) | |
| 57 self.db.commit() | |
| 58 | |
| 59 | |
| 60 def permission(self, designator): | |
| 61 | |
| 62 classname, itemid = hyperdb.splitDesignator(designator) | |
| 63 | |
| 64 if not self.db.security.hasPermission('Edit', self.db.getuid(), | |
| 65 classname=classname, itemid=itemid): | |
| 66 raise Unauthorised(self._('You do not have permission to ' | |
| 4125 | 67 'retire the %(classname)s class.')%classname) |
| 4083 | 68 |