Mercurial > p > roundup > code
annotate roundup/xmlrpc.py @ 5548:fea11d05110e
Avoid errors from selecting "no selection" on multilink (issue2550722).
As discussed in issue 2550722 there are various cases where selecting
"no selection" on a multilink can result in inappropriate errors from
Roundup:
* If selecting "no selection" produces a null edit (a value was set in
the multilink in an edit with an error, then removed again, along
with all other changes, in the next form submission), so the page is
rendered from the form contents including the "-<id>" value for "no
selection" for the multilink.
* If creating an item with a nonempty value for a multilink has an
error, and the resubmission changes that multilink to "no selection"
(and this in turn has subcases, according to whether the creation
then succeeds or fails on the resubmission, which need fixes in
different places in the Roundup code).
All of these cases have in common that it is expected and OK to have a
"-<id>" value for a submission for a multilink when <id> is not set in
that multilink in the database (because the original attempt to set
<id> in that multilink had an error), so the hyperdb.py logic to give
an error in that case is thus removed. In the subcase of the second
case where the resubmission with "no selection" has an error, the
templating code tries to produce a menu entry for the "-<id>"
multilink value, which also results in an error, hence the
templating.py change to ignore such values in the list for a
multilink.
| author | Joseph Myers <jsm@polyomino.org.uk> |
|---|---|
| date | Thu, 27 Sep 2018 11:33:01 +0000 |
| parents | 7f3dfdd6a620 |
| children | ed02a1e0aa5d |
| rev | line source |
|---|---|
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
1 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
2 # Copyright (C) 2007 Stefan Seefeld |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
3 # All rights reserved. |
| 3839 | 4 # For license terms see the file COPYING.txt. |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
5 # |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
6 |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
7 import logging |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
8 from roundup import hyperdb |
|
5072
1c792cf0a574
Remove 'import *' statement from xmlrpc.py
John Kristensen <john@jerrykan.com>
parents:
5012
diff
changeset
|
9 from roundup.exceptions import Unauthorised, UsageError |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
10 from roundup.date import Date, Range, Interval |
| 4083 | 11 from roundup import actions |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
12 from roundup.anypy import xmlrpc_ |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
13 SimpleXMLRPCDispatcher = xmlrpc_.server.SimpleXMLRPCDispatcher |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
14 Binary = xmlrpc_.client.Binary |
|
5416
56c9bcdea47f
Python 3 preparation: unicode.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
15 from roundup.anypy.strings import us2s |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
16 from traceback import format_exc |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
17 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
18 def translate(value): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
19 """Translate value to becomes valid for XMLRPC transmission.""" |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
20 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
21 if isinstance(value, (Date, Range, Interval)): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
22 return repr(value) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
23 elif type(value) is list: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
24 return [translate(v) for v in value] |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
25 elif type(value) is tuple: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
26 return tuple([translate(v) for v in value]) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
27 elif type(value) is dict: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
28 return dict([[translate(k), translate(value[k])] for k in value]) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
29 else: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
30 return value |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
31 |
|
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
32 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
33 def props_from_args(db, cl, args, itemid=None): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
34 """Construct a list of properties from the given arguments, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
35 and return them after validation.""" |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
36 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
37 props = {} |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
38 for arg in args: |
|
4371
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
39 if isinstance(arg, Binary): |
|
40d7414592ac
- fix coding style from yesterday
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4369
diff
changeset
|
40 arg = arg.data |
|
4369
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
41 try : |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
42 key, value = arg.split('=', 1) |
|
2188c9de5bdd
xmlrpc handling of unicode characters, see
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4311
diff
changeset
|
43 except ValueError : |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5326
diff
changeset
|
44 raise UsageError('argument "%s" not propname=value'%arg) |
|
5416
56c9bcdea47f
Python 3 preparation: unicode.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
45 key = us2s(key) |
|
56c9bcdea47f
Python 3 preparation: unicode.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
46 value = us2s(value) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
47 if value: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
48 try: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
49 props[key] = hyperdb.rawToHyperdb(db, cl, itemid, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
50 key, value) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
51 except hyperdb.HyperdbValueError as message: |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5326
diff
changeset
|
52 raise UsageError(message) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
53 else: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
54 # If we're syncing a file the contents may not be None |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
55 if key == 'content': |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
56 props[key] = '' |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
57 else: |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
58 props[key] = None |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
59 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
60 return props |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
61 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
62 class RoundupInstance: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
63 """The RoundupInstance provides the interface accessible through |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
64 the Python XMLRPC mapping.""" |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
65 |
| 4083 | 66 def __init__(self, db, actions, translator): |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
67 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
68 self.db = db |
| 4083 | 69 self.actions = actions |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
70 self.translator = translator |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
71 |
|
4140
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
72 def schema(self): |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
73 s = {} |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
74 for c in self.db.classes: |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
75 cls = self.db.classes[c] |
|
5504
7f3dfdd6a620
make sure everything is sorted in the xmlrpc schema
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5416
diff
changeset
|
76 props = [(n,repr(v)) for n,v in sorted(cls.properties.items())] |
|
4140
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
77 s[c] = props |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
78 return s |
|
3c4545f55949
Allow XMLRPC clients to fetch tracker schema.
Stefan Seefeld <stefan@seefeld.name>
parents:
4124
diff
changeset
|
79 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
80 def list(self, classname, propname=None): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
81 cl = self.db.getclass(classname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
82 if not propname: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
83 propname = cl.labelprop() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
84 result = [cl.get(itemid, propname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
85 for itemid in cl.list() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
86 if self.db.security.hasPermission('View', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
87 classname, propname, itemid) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
88 ] |
| 3839 | 89 return result |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
90 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
91 def filter(self, classname, search_matches, filterspec, |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
92 sort=[], group=[]): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
93 cl = self.db.getclass(classname) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
94 uid = self.db.getuid() |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
95 security = self.db.security |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
96 filterspec = security.filterFilterspec (uid, classname, filterspec) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
97 sort = security.filterSortspec (uid, classname, sort) |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
98 group = security.filterSortspec (uid, classname, group) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
99 result = cl.filter(search_matches, filterspec, sort=sort, group=group) |
|
4437
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
100 check = security.hasPermission |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
101 x = [id for id in result if check('View', uid, classname, itemid=id)] |
|
261c9f913ff7
- Add explicit "Search" permissions, see Security Fix below.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4371
diff
changeset
|
102 return x |
|
3985
f7f3068b32a1
Add filter() to XML-RPC interface [SF#966456]
Richard Jones <richard@users.sourceforge.net>
parents:
3973
diff
changeset
|
103 |
|
4449
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
104 def lookup(self, classname, key): |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
105 cl = self.db.getclass(classname) |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
106 uid = self.db.getuid() |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
107 prop = cl.getkey() |
|
4670
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
108 search = self.db.security.hasSearchPermission |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
109 access = self.db.security.hasPermission |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
110 if (not search(uid, classname, prop) |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
111 and not access('View', uid, classname, prop)): |
|
c9b85ca1f985
Fix xmlrpc permissions for lookup method.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4449
diff
changeset
|
112 raise Unauthorised('Permission to lookup %s denied'%classname) |
|
4449
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
113 return cl.lookup(key) |
|
3f251efd5f48
Add "lookup" method to xmlrpc interface (Ralf Schlatterbeck)
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4437
diff
changeset
|
114 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
115 def display(self, designator, *properties): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
116 classname, itemid = hyperdb.splitDesignator(designator) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
117 cl = self.db.getclass(classname) |
|
5395
23b8e6067f7c
Python 3 preparation: update calls to dict methods.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5381
diff
changeset
|
118 props = properties and list(properties) or list(cl.properties.keys()) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
119 props.sort() |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
120 for p in props: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
121 if not self.db.security.hasPermission('View', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
122 classname, p, itemid): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
123 raise Unauthorised('Permission to view %s of %s denied'% |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
124 (p, designator)) |
|
3973
85cbaa50eba1
xml-rpc security checks and tests across all backends [SF#1907211]
Richard Jones <richard@users.sourceforge.net>
parents:
3937
diff
changeset
|
125 result = [(prop, cl.get(itemid, prop)) for prop in props] |
| 3839 | 126 return dict(result) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
127 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
128 def create(self, classname, *args): |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
129 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
130 if not self.db.security.hasPermission('Create', self.db.getuid(), classname): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
131 raise Unauthorised('Permission to create %s denied'%classname) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
132 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
133 cl = self.db.getclass(classname) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
134 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
135 # convert types |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
136 props = props_from_args(self.db, cl, args) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
137 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
138 # check for the key property |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
139 key = cl.getkey() |
|
5381
0942fe89e82e
Python 3 preparation: change "x.has_key(y)" to "y in x".
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
140 if key and key not in props: |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5326
diff
changeset
|
141 raise UsageError('you must provide the "%s" property.'%key) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
142 |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
143 for key in props: |
|
4311
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
144 if not self.db.security.hasPermission('Create', self.db.getuid(), |
|
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
145 classname, property=key): |
|
7291130fad82
- fix create permission for xmlrpc, too
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4256
diff
changeset
|
146 raise Unauthorised('Permission to create %s.%s denied'%(classname, key)) |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
147 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
148 # do the actual create |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
149 try: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
150 result = cl.create(**props) |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
151 self.db.commit() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
152 except (TypeError, IndexError, ValueError) as message: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
153 # The exception we get may be a real error, log the traceback if we're debugging |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
154 logger = logging.getLogger('roundup.xmlrpc') |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
155 for l in format_exc().split('\n'): |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
156 logger.debug(l) |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
157 raise UsageError (message) |
| 3839 | 158 return result |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
159 |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
160 def set(self, designator, *args): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
161 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
162 classname, itemid = hyperdb.splitDesignator(designator) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
163 cl = self.db.getclass(classname) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
164 props = props_from_args(self.db, cl, args, itemid) # convert types |
|
5395
23b8e6067f7c
Python 3 preparation: update calls to dict methods.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5381
diff
changeset
|
165 for p in props.keys(): |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
166 if not self.db.security.hasPermission('Edit', self.db.getuid(), |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
167 classname, p, itemid): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
168 raise Unauthorised('Permission to edit %s of %s denied'% |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
169 (p, designator)) |
|
3828
ba6ba8d6bcc1
Initial checkin for new xmlrpc frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
diff
changeset
|
170 try: |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
171 result = cl.set(itemid, **props) |
|
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
172 self.db.commit() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5072
diff
changeset
|
173 except (TypeError, IndexError, ValueError) as message: |
|
5326
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
174 # The exception we get may be a real error, log the traceback if we're debugging |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
175 logger = logging.getLogger('roundup.xmlrpc') |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
176 for l in format_exc().split('\n'): |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
177 logger.debug(l) |
|
db8659c4e8eb
xmlrpc: logging; content property
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
178 raise UsageError (message) |
|
4224
3f6cadb98c2f
Move db.commit() call from handle_xmlrpc() to individual methods...
Stefan Seefeld <stefan@seefeld.name>
parents:
4140
diff
changeset
|
179 return result |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
180 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
181 |
| 4083 | 182 builtin_actions = {'retire': actions.Retire} |
| 183 | |
| 184 def action(self, name, *args): | |
|
4124
0ad79301f055
Restrict user creation rights in XMLRPC frontend.
Stefan Seefeld <stefan@seefeld.name>
parents:
4083
diff
changeset
|
185 """Execute a named action.""" |
| 4083 | 186 |
| 187 if name in self.actions: | |
| 188 action_type = self.actions[name] | |
| 189 elif name in self.builtin_actions: | |
| 190 action_type = self.builtin_actions[name] | |
| 191 else: | |
| 192 raise Exception('action "%s" is not supported %s' % (name, ','.join(self.actions.keys()))) | |
| 193 action = action_type(self.db, self.translator) | |
| 194 return action.execute(*args) | |
| 195 | |
| 196 | |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
197 class RoundupDispatcher(SimpleXMLRPCDispatcher): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
198 """RoundupDispatcher bridges from cgi.client to RoundupInstance. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
199 It expects user authentication to be done.""" |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
200 |
| 4083 | 201 def __init__(self, db, actions, translator, |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
202 allow_none=False, encoding=None): |
|
5012
6b7f257e5de8
Simplify SimpleXMLRPCDispatcher initialisation
John Kristensen <john@jerrykan.com>
parents:
4793
diff
changeset
|
203 SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding) |
| 4083 | 204 self.register_instance(RoundupInstance(db, actions, translator)) |
|
4793
d9e5539303bd
Implement XMLRPC MultiCall (including test), see
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4670
diff
changeset
|
205 self.register_multicall_functions() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
206 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
207 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
208 def dispatch(self, input): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
209 return self._marshaled_dispatch(input) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
210 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
211 def _dispatch(self, method, params): |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
212 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
213 retn = SimpleXMLRPCDispatcher._dispatch(self, method, params) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
214 retn = translate(retn) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
215 return retn |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
3985
diff
changeset
|
216 |