Mercurial Repository: p/roundup/code: roundup/cgi/actions.py comparison

comparison roundup/cgi/actions.py @ 6066:b011e5ac06d5

Flake8 whitespace; add translate; change use 'is None' not = Changed out some strings like: _("foo bar bas....") into _( "foo" "bar bas") to handle long lines. Verified both forms result in the same string extraction using locale tools xgettext/xpot. Added a couple of translation marks.

author	John Rouillard <rouilj@ieee.org>
date	Sat, 18 Jan 2020 20:27:02 -0500
parents	8128ca0cb764
children	f74d078cfd9a

comparison

equal deleted inserted replaced

-:1ec4aa670b0c
+:b011e5ac06d5
 from roundup.anypy.strings import StringIO
 import roundup.anypy.random_ as random_
 from roundup.anypy.html import html_escape
-import time
 from datetime import timedelta
 # Also add action to client.py::Client.actions property
-__all__ = ['Action', 'ShowAction', 'RetireAction', 'RestoreAction', 'SearchAction',
+__all__ = ['Action', 'ShowAction', 'RetireAction', 'RestoreAction',
+'SearchAction',
 'EditCSVAction', 'EditItemAction', 'PassResetAction',
 'ConfRegoAction', 'RegisterAction', 'LoginAction', 'LogoutAction',
 'NewItemAction', 'ExportCSVAction', 'ExportCSVWithIdAction']
 # used by a couple of routines
 chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
 class Action:
 def __init__(self, client):
 self.client = client
 self.form = client.form
 self.classname = client.classname
 self.userid = client.userid
 self.base = client.base
 self.user = client.user
 self.context = templating.context(client)
-self.loginLimit = RateLimit(client.db.config.WEB_LOGIN_ATTEMPTS_MIN, timedelta(seconds=60))
+self.loginLimit = RateLimit(client.db.config.WEB_LOGIN_ATTEMPTS_MIN,
+timedelta(seconds=60))
 def handle(self):
 """Action handler procedure"""
 raise NotImplementedError
 if self.base:
 parsed_base_url_tuple = urllib_.urlparse(self.base)
 else:
 raise ValueError(self._("Base url not set. Check configuration."))
-info={ 'url': url,
+info = {'url': url,
 'base_url': self.base,
 'base_scheme': parsed_base_url_tuple.scheme,
 'base_netloc': parsed_base_url_tuple.netloc,
 'base_path': parsed_base_url_tuple.path,
 'url_scheme': parsed_url_tuple.scheme,
 'url_netloc': parsed_url_tuple.netloc,
 'url_path': parsed_url_tuple.path,
 'url_params': parsed_url_tuple.params,
 'url_query': parsed_url_tuple.query,
-'url_fragment': parsed_url_tuple.fragment }
+'url_fragment': parsed_url_tuple.fragment}
 if parsed_base_url_tuple.scheme == "https":
 if parsed_url_tuple.scheme != "https":
-raise ValueError(self._("Base url %(base_url)s requires https. Redirect url %(url)s uses http.")%info)
+raise ValueError(self._("Base url %(base_url)s requires https."
+" Redirect url %(url)s uses http.") %
+info)
 else:
 if parsed_url_tuple.scheme not in ('http', 'https'):
-raise ValueError(self._("Unrecognized scheme in %(url)s")%info)
+raise ValueError(self._("Unrecognized scheme in %(url)s") %
+info)
 if parsed_url_tuple.netloc != parsed_base_url_tuple.netloc:
-raise ValueError(self._("Net location in %(url)s does not match base: %(base_netloc)s")%info)
+raise ValueError(self._("Net location in %(url)s does not match "
+"base: %(base_netloc)s") % info)
 if parsed_url_tuple.path.find(parsed_base_url_tuple.path) != 0:
-raise ValueError(self._("Base path %(base_path)s is not a prefix for url %(url)s")%info)
+raise ValueError(self._("Base path %(base_path)s is not a "
+"prefix for url %(url)s") % info)
 # I am not sure if this has to be language sensitive.
 # Do ranges depend on the LANG of the user??
 # Is there a newer spec for URI's than what I am referencing?
 # quote it so it doesn't do anything bad otherwise we have a
 # different vector to handle.
 allowed_pattern = re.compile(r'''^[A-Za-z0-9@:/?._~%!$&'()*+,;=-]*$''')
 if not allowed_pattern.match(parsed_url_tuple.path):
-raise ValueError(self._("Path component (%(url_path)s) in %(url)s is not properly escaped")%info)
+raise ValueError(self._("Path component (%(url_path)s) in %(url)s "
+"is not properly escaped") % info)
 if not allowed_pattern.match(parsed_url_tuple.params):
-raise ValueError(self._("Params component (%(url_params)s) in %(url)s is not properly escaped")%info)
+raise ValueError(self._("Params component (%(url_params)s) in %(url)s is not properly escaped") % info)
 if not allowed_pattern.match(parsed_url_tuple.query):
-raise ValueError(self._("Query component (%(url_query)s) in %(url)s is not properly escaped")%info)
+raise ValueError(self._("Query component (%(url_query)s) in %(url)s is not properly escaped") % info)
 if not allowed_pattern.match(parsed_url_tuple.fragment):
-raise ValueError(self._("Fragment component (%(url_fragment)s) in %(url)s is not properly escaped")%info)
+raise ValueError(self._("Fragment component (%(url_fragment)s) in %(url)s is not properly escaped") % info)
 return(urllib_.urlunparse(parsed_url_tuple))
 name = ''
 permissionType = None
 def permission(self):
 """Check whether the user has permission to execute this action.
 True by default. If the permissionType attribute is a string containing
 a simple permission, check whether the user has that permission.
 if (self.permissionType and
 not self.hasPermission(self.permissionType)):
 info = {'action': self.name, 'classname': self.classname}
 raise exceptions.Unauthorised(self._(
 'You do not have permission to '
-'%(action)s the %(classname)s class.')%info)
+'%(action)s the %(classname)s class.') % info)
 _marker = []
-def hasPermission(self, permission, classname=_marker, itemid=None, property=None):
+def hasPermission(self, permission, classname=_marker, itemid=None,
+property=None):
 """Check whether the user has 'permission' on the current class."""
 if classname is self._marker:
 classname = self.client.classname
 return self.db.security.hasPermission(permission, self.client.userid,
-classname=classname, itemid=itemid, property=property)
+classname=classname,
+itemid=itemid, property=property)
 def gettext(self, msgid):
 """Return the localized translation of msgid"""
 return self.client.translator.gettext(msgid)
 _ = gettext
 class ShowAction(Action):
-typere=re.compile('[@:]type')
+typere = re.compile('[@:]type')
-numre=re.compile('[@:]number')
+numre = re.compile('[@:]number')
 def handle(self):
 """Show a node of a particular class/id."""
 t = n = ''
 for key in self.form:
 try:
 int(n)
 except ValueError:
 d = {'input': n, 'classname': t}
 raise exceptions.SeriousError(self._(
-'"%(input)s" is not an ID (%(classname)s ID required)')%d)
+'"%(input)s" is not an ID (%(classname)s ID required)') % d)
-url = '%s%s%s'%(self.base, t, n)
+url = '%s%s%s' % (self.base, t, n)
 raise exceptions.Redirect(url)
 class RetireAction(Action):
 name = 'retire'
 permissionType = 'Edit'
 # do the retire
 self.db.getclass(self.classname).retire(itemid)
 self.db.commit()
 self.client.add_ok_message(
-self._('%(classname)s %(itemid)s has been retired')%{
+self._('%(classname)s %(itemid)s has been retired') % {
 'classname': self.classname.capitalize(), 'itemid': itemid})
 class RestoreAction(Action):
 name = 'restore'
 if self.template == 'index':
 self.client.nodeid = None
 # check permission
 if not self.hasPermission('Restore', classname=self.classname,
 itemid=itemid):
 raise exceptions.Unauthorised(self._(
 'You do not have permission to restore %(class)s'
 ) % {'class': self.classname})
 # do the restore
 self.db.getclass(self.classname).restore(itemid)
 self.db.commit()
 self.client.add_ok_message(
-self._('%(classname)s %(itemid)s has been restored')%{
+self._('%(classname)s %(itemid)s has been restored') % {
 'classname': self.classname.capitalize(), 'itemid': itemid})
 class SearchAction(Action):
 name = 'search'
 # create a query
 if not self.hasPermission('Create', 'query'):
 raise exceptions.Unauthorised(self._(
 "You do not have permission to store queries"))
 qid = self.db.query.create(name=queryname,
 klass=self.classname, url=url)
 else:
 uid = self.db.getuid()
 # if the queryname is being changed from the old
 # (original) value, make sure new queryname is not
 for qid in qids:
 # require an exact name match
 if queryname != self.db.query.get(qid, 'name'):
 continue
 # whoops we found a duplicate; report error and return
-message=_("You already own a query named '%s'. Please choose another name.")%(queryname)
+message = _("You already own a query named '%s'. "
+"Please choose another name.") % \
+(queryname)
 self.client.add_error_message(message)
 return
 # edit the new way, query name not a key any more
 # see if we match an existing private query
 qids = self.db.query.filter(None, {'name': old_queryname,
 'private_for': uid})
 if not qids:
 # ok, so there's not a private query for the current user
 # - see if there's one created by them
 qids = self.db.query.filter(None, {'name': old_queryname,
 'creator': uid})
 if qids and old_queryname:
 # edit query - make sure we get an exact match on the name
 for qid in qids:
 if old_queryname != self.db.query.get(qid, 'name'):
 continue
 if not self.hasPermission('Edit', 'query', itemid=qid):
 raise exceptions.Unauthorised(self._(
 "You do not have permission to edit queries"))
 self.db.query.set(qid, klass=self.classname,
 url=url, name=queryname)
 else:
 # create a query
 if not self.hasPermission('Create', 'query'):
 raise exceptions.Unauthorised(self._(
 "You do not have permission to store queries"))
 qid = self.db.query.create(name=queryname,
-klass=self.classname, url=url, private_for=uid)
+klass=self.classname, url=url,
+private_for=uid)
 # and add it to the user's query multilink
 queries = self.db.user.get(self.userid, 'queries')
 if qid not in queries:
 queries.append(qid)
 req.form.list.append(
 cgi.MiniFieldStorage(
 "@dispname", queryname
 )
 )
 def fakeFilterVars(self):
 """Add a faked :filter form variable for each filtering prop."""
 cls = self.db.classes[self.classname]
 for key in self.form:
 self.form.value.append(cgi.MiniFieldStorage(key, v))
 elif isinstance(prop, hyperdb.Number):
 try:
 float(self.form[key].value)
 except ValueError:
-raise exceptions.FormError("Invalid number: "+self.form[key].value)
+raise exceptions.FormError(_("Invalid number: ") +
+self.form[key].value)
 elif isinstance(prop, hyperdb.Integer):
 try:
-val=self.form[key].value
+val = self.form[key].value
-if ( str(int(val)) == val ):
+if (str(int(val)) == val):
 pass
 else:
 raise ValueError
 except ValueError:
-raise exceptions.FormError("Invalid integer: "+val)
+raise exceptions.FormError(_("Invalid integer: ") +
+val)
 self.form.value.append(cgi.MiniFieldStorage('@filter', key))
 def getCurrentURL(self, req):
 """Get current URL for storing as a query.
 We now store the template with the query if the template name is
 different from 'index'
 """
 template = self.getFromForm('template')
 if template and template != 'index':
-return req.indexargs_url('', {'@template' : template})[1:]
+return req.indexargs_url('', {'@template': template})[1:]
 return req.indexargs_url('', {})[1:]
 def getFromForm(self, name):
 for key in ('@' + name, ':' + name):
 if key in self.form:
 return self.form[key].value.strip()
 return ''
 def getQueryName(self):
 return self.getFromForm('queryname')
 class EditCSVAction(Action):
 name = 'edit'
 permissionType = 'Edit'
 exists = 1
 # confirm correct weight
 if len(props_without_id) != len(values):
 self.client.add_error_message(
-self._('Not enough values on line %(line)s')%{'line':line})
+self._('Not enough values on line %(line)s') % \
+{'line':line})
 return
 # extract the new values
 d = {}
 for name, value in zip(props_without_id, values):
 # check permission to edit this property on this item
 if exists and not self.hasPermission('Edit', itemid=itemid,
 classname=self.classname, property=name):
 raise exceptions.Unauthorised(self._(
 'You do not have permission to edit %(class)s'
 ) % {'class': self.classname})
 prop = cl.properties[name]
 # retire the removed entries
 for itemid in cl.list():
 if itemid not in found:
 # check permission to retire this item
 if not self.hasPermission('Retire', itemid=itemid,
 classname=self.classname):
 raise exceptions.Unauthorised(self._(
 'You do not have permission to retire %(class)s'
 ) % {'class': self.classname})
 cl.retire(itemid)
 # all OK
 self.db.commit()
 self.client.add_ok_message(self._('Items edited OK'))
 class EditCommon(Action):
 '''Utility methods for editing.'''
 def _editnodes(self, all_props, all_links):
 '''
 # figure dependencies and re-work links
 deps = {}
 links = {}
 for cn, nodeid, propname, vlist in all_links:
-numeric_id = int (nodeid or 0)
+numeric_id = int(nodeid or 0)
 if not (numeric_id > 0 or (cn, nodeid) in all_props):
 # link item to link to doesn't (and won't) exist
 continue
 for value in vlist:
 # and some nice feedback for the user
 if props:
 info = ', '.join(map(self._, props))
 m.append(
 self._('%(class)s %(id)s %(properties)s edited ok')
-% {'class':cn, 'id':nodeid, 'properties':info})
+% {'class': cn, 'id': nodeid, 'properties': info})
 else:
 # this used to produce a message like:
 #    issue34 - nothing changed
 # which is confusing if only quiet properties
 # changed for the class/id. So don't report
-# anything is the user didn't explicitly change
+# anything if the user didn't explicitly change
 # a visible (non-quiet) property.
 pass
 else:
 # make a new node
 newid = self._createnode(cn, props)
 self.nodeid = newid
 nodeid = newid
 # and some nice feedback for the user
 m.append(self._('%(class)s %(id)s created')
-% {'class':cn, 'id':newid})
+% {'class': cn, 'id': newid})
 # fill in new ids in links
 if needed in links:
 for linkcn, linkid, linkprop in links[needed]:
 props = all_props[(linkcn, linkid)]
 """Check whether a user is editing his/her own details."""
 return (self.nodeid == self.userid
 and self.db.user.get(self.nodeid, 'username') != 'anonymous')
 _cn_marker = []
 def editItemPermission(self, props, classname=_cn_marker, itemid=None):
 """Determine whether the user has permission to edit this item."""
 if itemid is None:
 itemid = self.nodeid
 if classname is self._cn_marker:
 classname = self.classname
 # The user must have permission to edit each of the properties
 # being changed.
 for p in props:
 if not self.hasPermission('Edit', itemid=itemid,
 classname=classname, property=p):
 return 0
 # Since the user has permission to edit all of the properties,
 # the edit is OK.
 return 1
 Base behaviour is to check the user can edit this class. No additional
 property checks are made.
 """
-if not classname :
+if not classname:
 classname = self.client.classname
 if not self.hasPermission('Create', classname=classname):
 return 0
 # Check Create permission for each property, to avoid being able
 # to set restricted ones on new item creation
 for key in props:
 if not self.hasPermission('Create', classname=classname,
 property=key):
 return 0
 return 1
 class EditItemAction(EditCommon):
 def lastUserActivity(self):
 if ':lastactivity' in self.form:
 d = date.Date(self.form[':lastactivity'].value)
 return []
 def handleCollision(self, props):
 message = self._('Edit Error: someone else has edited this %s (%s). '
 'View <a target="_blank" href="%s%s">their changes</a> '
-'in a new window.')%(self.classname, ', '.join(props),
+'in a new window.') % (self.classname, ', '.join(props),
 self.classname, self.nodeid)
 self.client.add_error_message(message, escape=False)
 return
 def handle(self):
 """Perform an edit of an item in the database.
 url = self.base + self.classname
 # note that this action might have been called by an index page, so
 # we will want to include index-page args in this URL too
 if self.nodeid is not None:
 url += self.nodeid
-url += '?@ok_message=%s&@template=%s'%(urllib_.quote(message),
+url += '?@ok_message=%s&@template=%s' % (urllib_.quote(message),
 urllib_.quote(self.template))
 if self.nodeid is None:
 req = templating.HTMLRequest(self.client)
 url += '&' + req.indexargs_url('', {})[1:]
 raise exceptions.Redirect(url)
 class NewItemAction(EditCommon):
 def handle(self):
 ''' Add a new item to the database.
 # parse the props from the form
 try:
 props, links = self.client.parsePropsFromForm(create=1)
 except (ValueError, KeyError) as message:
 self.client.add_error_message(self._('Error: %s')
 % str(message))
 return
 # handle the props - edit or create
 try:
 # when it hits the None element, it'll set self.nodeid
 # commit now that all the tricky stuff is done
 self.db.commit()
 # Allow an option to stay on the page to create new things
 if '__redirect_to' in self.form:
-raise exceptions.Redirect('%s&@ok_message=%s'%(
+raise exceptions.Redirect('%s&@ok_message=%s' % (
 self.examine_url(self.form['__redirect_to'].value),
 urllib_.quote(messages)))
 # otherwise redirect to the new item's page
 raise exceptions.Redirect('%s%s%s?@ok_message=%s&@template=%s' % (
 self.base, self.classname, self.nodeid, urllib_.quote(messages),
 urllib_.quote(self.template)))
 class PassResetAction(Action):
 def handle(self):
 """Handle password reset requests.
 otk = self.form['otk'].value
 uid = otks.get(otk, 'uid', default=None)
 if uid is None:
 self.client.add_error_message(
 self._("Invalid One Time Key!\n"
 "(a Mozilla bug may cause this message "
 "to show up erroneously, please check your email)"))
 return
 # pull the additional email address if exist
 uaddress = otks.get(otk, 'uaddress', default=None)
 cl = self.db.user
 # XXX we need to make the "default" page be able to display errors!
 try:
 # set the password
-cl.set(uid, password=password.Password(newpw, config=self.db.config))
+cl.set(uid, password=password.Password(newpw,
+config=self.db.config))
 # clear the props from the otk database
 otks.destroy(otk)
 otks.commit()
 # commit the password change
-self.db.commit ()
+self.db.commit()
 except (ValueError, KeyError) as message:
 self.client.add_error_message(str(message))
 return
 # user info
 else:
 address = uaddress
 # send the email
 tracker_name = self.db.config.TRACKER_NAME
-subject = 'Password reset for %s'%tracker_name
+subject = 'Password reset for %s' % tracker_name
 body = '''
 The password has been reset for username "%(name)s".
 Your password is now: %(password)s
-'''%{'name': name, 'password': newpw}
+''' % {'name': name, 'password': newpw}
 if not self.client.standard_message([address], subject, body):
 return
 self.client.add_ok_message(
 self._('Password reset and email sent to %s') % address)
 otks.set(otk, uid=uid, uaddress=address)
 otks.commit()
 # send the email
 tracker_name = self.db.config.TRACKER_NAME
-subject = 'Confirm reset of password for %s'%tracker_name
+subject = 'Confirm reset of password for %s' % tracker_name
 body = '''
 Someone, perhaps you, has requested that the password be changed for your
 username, "%(name)s". If you wish to proceed with the change, please follow
 the link below:
 %(url)suser?@template=forgotten&@action=passrst&otk=%(otk)s
 You should then receive another email with the new password.
-'''%{'name': name, 'tracker': tracker_name, 'url': self.base, 'otk': otk}
+''' % {'name': name, 'tracker': tracker_name, 'url': self.base, 'otk': otk}
 if not self.client.standard_message([address], subject, body):
 return
 if 'username' in self.form:
 self.client.add_ok_message(self._('Email sent to primary notification address for %s.') % name)
 else:
 self.client.add_ok_message(self._('Email sent to %s.') % address)
 class RegoCommon(Action):
 def finishRego(self):
 # log the new user in
 self.client.userid = self.userid
 # update session data
 self.client.session_api.set(user=user)
 # nice message
 message = self._('You are now registered, welcome!')
-url = '%suser%s?@ok_message=%s'%(self.base, self.userid,
+url = '%suser%s?@ok_message=%s' % (self.base, self.userid,
 urllib_.quote(message))
 # redirect to the user's page (but not 302, as some email clients seem
 # to want to reload the page, or something)
 return '''<html><head><title>%s</title></head>
 <body><p><a href="%s">%s</a></p>
 <script nonce="%s" type="text/javascript">
 window.setTimeout('window.location = "%s"', 1000);
-</script>'''%(message, url, message,
+</script>''' % (message, url, message,
 self.client.client_nonce, url)
 class ConfRegoAction(RegoCommon):
 def handle(self):
 """Grab the OTK, use it to load up the new user details."""
 try:
 except (ValueError, KeyError) as message:
 self.client.add_error_message(str(message))
 return
 return self.finishRego()
 class RegisterAction(RegoCommon, EditCommon, Timestamped):
 name = 'register'
 permissionType = 'Register'
 def handle(self):
 # disable the check.
 delaytime = self.db.config['WEB_REGISTRATION_DELAY']
 if delaytime > 0:
 self.timecheck('opaqueregister', delaytime)
 # parse the props from the form
 try:
 props, links = self.client.parsePropsFromForm(create=1)
 except (ValueError, KeyError) as message:
 self.client.add_error_message(self._('Error: %s')
 % str(message))
 return
 # skip the confirmation step?
 if self.db.config['INSTANT_REGISTRATION']:
 # handle the create now
 escape=escape)
 return
 # fix up the initial roles
 self.db.user.set(self.nodeid,
 roles=self.db.config['NEW_WEB_USER_ROLES'])
 # commit now that all the tricky stuff is done
 self.db.commit()
 # finish off by logging the user in
 if check_user:
 try:
 user_found = self.db.user.lookup(user_props['username'])
 # if user is found reject the request.
 raise Reject(
-_("Username '%s' is already used.")%user_props['username'])
+_("Username '%s' is already used.") % user_props['username'])
 except KeyError:
 # user not found this is what we want.
 pass
 for propname, proptype in self.db.user.getprops().items():
 value = user_props.get(propname, None)
 if value is None:
 pass
 elif isinstance(proptype, hyperdb.Date):
 # send the email
 tracker_name = self.db.config.TRACKER_NAME
 tracker_email = self.db.config.TRACKER_EMAIL
 if self.db.config['EMAIL_REGISTRATION_CONFIRMATION']:
-subject = 'Complete your registration to %s -- key %s'%(tracker_name,
+subject = 'Complete your registration to %s -- key %s' % (
-otk)
+tracker_name, otk)
 body = """To complete your registration of the user "%(name)s" with
 %(tracker)s, please do one of the following:
 - send a reply to %(tracker_email)s and maintain the subject line as is (the
 reply's additional "Re:" is ok),
 - or visit the following URL:
 %(url)s?@action=confrego&otk=%(otk)s
 """ % {'name': user_props['username'], 'tracker': tracker_name,
 'url': self.base, 'otk': otk, 'tracker_email': tracker_email}
 else:
-subject = 'Complete your registration to %s'%(tracker_name)
+subject = 'Complete your registration to %s' % (tracker_name)
 body = """To complete your registration of the user "%(name)s" with
 %(tracker)s, please visit the following URL:
 %(url)s?@action=confrego&otk=%(otk)s
 """ % {'name': user_props['username'], 'tracker': tracker_name,
 'url': self.base, 'otk': otk}
 if not self.client.standard_message([user_props['address']], subject,
-body, (tracker_name, tracker_email)):
+body,
+(tracker_name, tracker_email)):
 return
 # commit changes to the database
 self.db.commit()
 # redirect to the "you're almost there" page
-raise exceptions.Redirect('%suser?@template=rego_progress'%self.base)
+raise exceptions.Redirect('%suser?@template=rego_progress' % self.base)
 def newItemPermission(self, props, classname=None):
 """Just check the "Register" permission.
 """
 # registration isn't allowed to supply roles
 "It is not permitted to supply roles at registration."))
 # technically already checked, but here for clarity
 return self.hasPermission('Register', classname=classname)
 class LogoutAction(Action):
 def handle(self):
 """Make us really anonymous - nuke the session too."""
 # log us out
 self.client.make_user_anonymous()
 # anonymous user and not the user who logged out. If
 # we don't the user gets an invalid CSRF token error
 # As above choose the home page since everybody can
 # see that.
 raise exceptions.Redirect(self.base)
 class LoginAction(Action):
 def handle(self):
 """Attempt to log a user in.
 clean_url = self.examine_url(self.form['__came_from'].value)
 redirect_url_tuple = urllib_.urlparse(clean_url)
 # now I have a tuple form for the __came_from url
 try:
-query=urllib_.parse_qs(redirect_url_tuple.query)
+query = urllib_.parse_qs(redirect_url_tuple.query)
 if "@error_message" in query:
 del query["@error_message"]
 if "@ok_message" in query:
 del query["@ok_message"]
 if "@action" in query:
 except AttributeError:
 # no query param so nothing to remove. Just define.
 query = {}
 pass
-redirect_url = urllib_.urlunparse( (redirect_url_tuple.scheme,
+redirect_url = urllib_.urlunparse((redirect_url_tuple.scheme,
 redirect_url_tuple.netloc,
 redirect_url_tuple.path,
 redirect_url_tuple.params,
 urllib_.urlencode(list(sorted(query.items())), doseq=True),
 redirect_url_tuple.fragment)
 )
 try:
 # Implement rate limiting of logins by login name.
 # Use prefix to prevent key collisions maybe??
 # set client.db.config.WEB_LOGIN_ATTEMPTS_MIN to 0
 #  to disable
-if self.client.db.config.WEB_LOGIN_ATTEMPTS_MIN: # if 0 - off
+if self.client.db.config.WEB_LOGIN_ATTEMPTS_MIN:  # if 0 - off
-rlkey="LOGIN-" + self.client.user
+rlkey = "LOGIN-" + self.client.user
-limit=self.loginLimit
+limit = self.loginLimit
-gcra=Gcra()
+gcra = Gcra()
-otk=self.client.db.Otk
+otk = self.client.db.Otk
 try:
-val=otk.getall(rlkey)
+val = otk.getall(rlkey)
 gcra.set_tat_as_string(rlkey, val['tat'])
 except KeyError:
 # ignore if tat not set, it's 1970-1-1 by default.
 pass
 # see if rate limit exceeded and we need to reject the attempt
-reject=gcra.update(rlkey, limit)
+reject = gcra.update(rlkey, limit)
 # Calculate a timestamp that will make OTK expire the
 # unused entry 1 hour in the future
 ts = time.time() - (60 * 60 * 24 * 7) + 3600
 otk.set(rlkey, tat=gcra.get_tat_as_string(rlkey),
 __timestamp=ts)
 otk.commit()
 if reject:
 # User exceeded limits: find out how long to wait
-status=gcra.status(rlkey, limit)
+status = gcra.status(rlkey, limit)
-raise Reject(_("Logins occurring too fast. Please wait: %s seconds.")%status['Retry-After'])
+raise Reject(_("Logins occurring too fast. Please wait: %s seconds.") % status['Retry-After'])
 self.verifyLogin(self.client.user, password)
 except exceptions.LoginError as err:
 self.client.make_user_anonymous()
 for arg in err.args:
 self.client.add_error_message(arg)
 if '__came_from' in self.form:
 # set a new error
 query['@error_message'] = err.args
-redirect_url = urllib_.urlunparse( (redirect_url_tuple.scheme,
+redirect_url = urllib_.urlunparse((redirect_url_tuple.scheme,
 redirect_url_tuple.netloc,
 redirect_url_tuple.path,
 redirect_url_tuple.params,
 urllib_.urlencode(list(sorted(query.items())), doseq=True),
 redirect_url_tuple.fragment )
 )
 raise exceptions.Redirect(redirect_url)
 # if no __came_from, send back to base url with error
 return
 # now we're OK, re-open the database for real, using the user
 return 1
 if not givenpw and not stored:
 return 1
 return 0
 class ExportCSVAction(Action):
 name = 'export'
 permissionType = 'View'
 list_sep = ';'              # Separator for list types
 # use error code 400: Bad Request. Do not use
 # error code 404: Not Found.
 self.client.response_code = 400
 raise exceptions.NotFound(
 self._('Column "%(column)s" not found in %(class)s')
-% {'column': html_escape(cname), 'class': request.classname})
+% {'column': html_escape(cname),
+'class': request.classname})
 # full-text search
 if request.search_text:
 matches = self.db.indexer.search(
 re.findall(r'\b\w{2,25}\b', request.search_text), klass)
 return 'dummy'
 wfile = self.client.request.wfile
 if self.client.charset != self.client.STORAGE_CHARSET:
 wfile = codecs.EncodedFile(wfile,
-self.client.STORAGE_CHARSET, self.client.charset, 'replace')
+self.client.STORAGE_CHARSET,
+self.client.charset, 'replace')
 writer = csv.writer(wfile)
 # handle different types of columns.
 def repr_no_right(cls, col):
 """User doesn't have the right to see the value of col."""
 def fct(arg):
 return "[hidden]"
 return fct
 def repr_link(cls, col):
 """Generate a function which returns the string representation of
 a link depending on `cls` and `col`."""
 def fct(arg):
-if arg == None:
+if arg is None:
 return ""
 else:
 return str(cls.get(arg, col))
 return fct
 def repr_list(cls, col):
 def fct(arg):
-if arg == None:
+if arg is None:
 return ""
 elif type(arg) is list:
 seq = [str(cls.get(val, col)) for val in arg]
 # python2/python 3 have different order in lists
 # sort to not break tests
 seq.sort()
 return self.list_sep.join(seq)
 return fct
 def repr_date():
 def fct(arg):
-if arg == None:
+if arg is None:
 return ""
 else:
 if (arg.local(self.db.getUserTimezone()).pretty('%H:%M') ==
 '00:00'):
 fmt = '%Y-%m-%d'
 else:
 fmt = '%Y-%m-%d %H:%M'
 return arg.local(self.db.getUserTimezone()).pretty(fmt)
 return fct
 def repr_val():
 def fct(arg):
-if arg == None:
+if arg is None:
 return ""
 else:
 return str(arg)
 return fct
 props = klass.getprops()
 # Determine translation map.
 ncols = []
 represent = {}
 for col in columns:
 ncols.append(col)
 continue
 for name in columns:
 # check permission for this property on this item
 # TODO: Permission filter doesn't work for the 'user' class
 if not self.hasPermission(self.permissionType, itemid=itemid,
-classname=request.classname, property=name):
+classname=request.classname,
+property=name):
 repr_function = repr_no_right(request.classname, name)
 else:
 repr_function = represent[name]
 row.append(repr_function(klass.get(itemid, name)))
 self.client._socket_op(writer.writerow, row)
 return '\n'
 class ExportCSVWithIdAction(Action):
 ''' A variation of ExportCSVAction that returns ID number rather than
 names. This is the original csv export function.
 '''
 # use error code 400: Bad Request. Do not use
 # error code 404: Not Found.
 self.client.response_code = 400
 raise exceptions.NotFound(
 self._('Column "%(column)s" not found in %(class)s')
-% {'column': html_escape(cname), 'class': request.classname})
+% {'column': html_escape(cname),
+'class': request.classname})
 # full-text search
 if request.search_text:
 matches = self.db.indexer.search(
 re.findall(r'\b\w{2,25}\b', request.search_text), klass)
 return 'dummy'
 wfile = self.client.request.wfile
 if self.client.charset != self.client.STORAGE_CHARSET:
 wfile = codecs.EncodedFile(wfile,
-self.client.STORAGE_CHARSET, self.client.charset, 'replace')
+self.client.STORAGE_CHARSET,
+self.client.charset, 'replace')
 writer = csv.writer(wfile)
 self.client._socket_op(writer.writerow, columns)
 # and search
 row = []
 # FIXME should this code raise an exception if an item
 # is included that can't be accessed? Enabling this
 # check will just skip the row for the inaccessible item.
 # This makes it act more like the web interface.
-#if not self.hasPermission(self.permissionType, itemid=itemid,
+# if not self.hasPermission(self.permissionType, itemid=itemid,
 #                          classname=request.classname):
 #    continue
 for name in columns:
 # check permission to view this property on this item
 if not self.hasPermission(self.permissionType, itemid=itemid,
-classname=request.classname, property=name):
+classname=request.classname,
+property=name):
 # FIXME: is this correct, or should we just
 # emit a '[hidden]' string. Note that this may
 # allow an attacker to figure out hidden schema
 # properties.
 # A bad property name will result in an exception.
 row.append(str(value))
 self.client._socket_op(writer.writerow, row)
 return '\n'
 class Bridge(BaseAction):
 """Make roundup.actions.Action executable via CGI request.
-Using this allows users to write actions executable from multiple frontends.
+Using this allows users to write actions executable from multiple
-CGI Form content is translated into a dictionary, which then is passed as
+frontends. CGI Form content is translated into a dictionary, which
-argument to 'handle()'. XMLRPC requests have to pass this dictionary
+then is passed as argument to 'handle()'. XMLRPC requests have to
-directly.
+pass this dictionary directly.
 """
 def __init__(self, *args):
 # As this constructor is callable from multiple frontends, each with

Mercurial > p > roundup > code

comparison roundup/cgi/actions.py @ 6066:b011e5ac06d5