comparison roundup/cgi/client.py @ 1005:efa19bdad6c3

reinstated registration, cleaned up PT compile error reporting
author Richard Jones <richard@users.sourceforge.net>
date Sun, 01 Sep 2002 23:57:53 +0000
parents 5f12d3259f31
children 10ed4791f969
1004:5f12d3259f31 1005:efa19bdad6c3
1 # $Id: client.py,v 1.4 2002-09-01 22:09:20 richard Exp $ 1 # $Id: client.py,v 1.5 2002-09-01 23:57:53 richard Exp $
2 2
3 __doc__ = """ 3 __doc__ = """
4 WWW request handler (also used in the stand-alone server). 4 WWW request handler (also used in the stand-alone server).
5 """ 5 """
6 6
287 # XXX handle PT rendering errors here nicely 287 # XXX handle PT rendering errors here nicely
288 try: 288 try:
289 return pt.render(**kwargs) 289 return pt.render(**kwargs)
290 except PageTemplate.PTRuntimeError, message: 290 except PageTemplate.PTRuntimeError, message:
291 return '<strong>%s</strong><ol>%s</ol>'%(message, 291 return '<strong>%s</strong><ol>%s</ol>'%(message,
292 cgi.escape('<li>'.join(pt._v_errors))) 292 '<li>'.join(pt._v_errors))
293 except: 293 except:
294 # everything else 294 # everything else
295 return cgitb.html() 295 return cgitb.html()
296 296
297 def content(self): 297 def content(self):
304 304
305 # these are the actions that are available 305 # these are the actions that are available
306 actions = { 306 actions = {
307 'edit': 'editItemAction', 307 'edit': 'editItemAction',
308 'new': 'newItemAction', 308 'new': 'newItemAction',
309 'register': 'registerAction',
309 'login': 'login_action', 310 'login': 'login_action',
310 'logout': 'logout_action', 311 'logout': 'logout_action',
311 'register': 'register_action',
312 'search': 'searchAction', 312 'search': 'searchAction',
313 } 313 }
314 def handle_action(self): 314 def handle_action(self):
315 ''' Determine whether there should be an _action called. 315 ''' Determine whether there should be an _action called.
316 316
317 The action is defined by the form variable :action which 317 The action is defined by the form variable :action which
318 identifies the method on this object to call. The four basic 318 identifies the method on this object to call. The four basic
319 actions are defined in the "actions" dictionary on this class: 319 actions are defined in the "actions" dictionary on this class:
320 "edit" -> self.editItemAction 320 "edit" -> self.editItemAction
321 "new" -> self.newItemAction 321 "new" -> self.newItemAction
322 "register" -> self.registerAction
322 "login" -> self.login_action 323 "login" -> self.login_action
323 "logout" -> self.logout_action 324 "logout" -> self.logout_action
324 "register" -> self.register_action
325 "search" -> self.searchAction 325 "search" -> self.searchAction
326 326
327 ''' 327 '''
328 if not self.form.has_key(':action'): 328 if not self.form.has_key(':action'):
329 return None 329 return None
470 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now, path)}) 470 'roundup_user=deleted; Max-Age=0; expires=%s; Path=%s;'%(now, path)})
471 471
472 # Let the user know what's going on 472 # Let the user know what's going on
473 self.ok_message.append(_('You are logged out')) 473 self.ok_message.append(_('You are logged out'))
474 474
475 def register_action(self): 475 def registerAction(self):
476 '''Attempt to create a new user based on the contents of the form 476 '''Attempt to create a new user based on the contents of the form
477 and then set the cookie. 477 and then set the cookie.
478 478
479 return 1 on successful login 479 return 1 on successful login
480 ''' 480 '''
481 # create the new user
482 cl = self.db.user
483
484 # parse the props from the form
485 try:
486 props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
487 except (ValueError, KeyError), message:
488 self.error_message.append(_('Error: ') + str(message))
489 return
490
481 # make sure we're allowed to register 491 # make sure we're allowed to register
482 userid = self.db.user.lookup(self.user) 492 if not self.registerPermission(props):
483 if not self.db.security.hasPermission('Web Registration', userid): 493 raise Unauthorised, _("You do not have permission to register")
484 raise Unauthorised, _("You do not have permission to access"\
485 " %(action)s.")%{'action': 'registration'}
486 494
487 # re-open the database as "admin" 495 # re-open the database as "admin"
488 if self.user != 'admin': 496 if self.user != 'admin':
489 self.opendb('admin') 497 self.opendb('admin')
490 498
491 # create the new user 499 # create the new user
492 cl = self.db.user 500 cl = self.db.user
493 try: 501 try:
494 props = parsePropsFromForm(self.db, cl, self.form) 502 props = parsePropsFromForm(self.db, cl, self.form)
495 props['roles'] = self.instance.NEW_WEB_USER_ROLES 503 props['roles'] = self.instance.NEW_WEB_USER_ROLES
496 uid = cl.create(**props) 504 self.userid = cl.create(**props)
497 self.db.commit() 505 self.db.commit()
498 except ValueError, message: 506 except ValueError, message:
499 self.error_message.append(message) 507 self.error_message.append(message)
500 508
501 # log the new user in 509 # log the new user in
502 self.user = cl.get(uid, 'username') 510 self.user = cl.get(self.userid, 'username')
503 # re-open the database for real, using the user 511 # re-open the database for real, using the user
504 self.opendb(self.user) 512 self.opendb(self.user)
505 password = cl.get(uid, 'password') 513 password = self.db.user.get(self.userid, 'password')
506 self.set_cookie(self.user, password) 514 self.set_cookie(self.user, password)
507 515
508 # nice message 516 # nice message
509 self.ok_message.append(_('You are now registered, welcome!')) 517 self.ok_message.append(_('You are now registered, welcome!'))
518
519 def registerPermission(self, props):
520 ''' Determine whether the user has permission to register
521
522 Base behaviour is to check the user has "Web Registration".
523 '''
524 # registration isn't allowed to supply roles
525 if props.has_key('roles'):
526 return 0
527 if self.db.security.hasPermission('Web Registration', self.userid):
528 return 1
529 return 0
510 530
511 def editItemAction(self): 531 def editItemAction(self):
512 ''' Perform an edit of an item in the database. 532 ''' Perform an edit of an item in the database.
513 533
514 Some special form elements: 534 Some special form elements:
587 'user'): 607 'user'):
588 return 0 608 return 0
589 # if the item being edited is the current user, we're ok 609 # if the item being edited is the current user, we're ok
590 if self.nodeid == self.userid: 610 if self.nodeid == self.userid:
591 return 1 611 return 1
592 if not self.db.security.hasPermission('Edit', self.userid, 612 if self.db.security.hasPermission('Edit', self.userid, self.classname):
593 self.classname): 613 return 1
594 return 0 614 return 0
595 return 1
596 615
597 def newItemAction(self): 616 def newItemAction(self):
598 ''' Add a new item to the database. 617 ''' Add a new item to the database.
599 618
600 This follows the same form as the editItemAction 619 This follows the same form as the editItemAction
661 ''' 680 '''
662 has = self.db.security.hasPermission 681 has = self.db.security.hasPermission
663 if self.classname == 'user' and has('Web Registration', self.userid, 682 if self.classname == 'user' and has('Web Registration', self.userid,
664 'user'): 683 'user'):
665 return 1 684 return 1
666 if not has('Edit', self.userid, self.classname): 685 if has('Edit', self.userid, self.classname):
667 return 0 686 return 1
668 return 1 687 return 0
669 688
670 def genericEditAction(self): 689 def genericEditAction(self):
671 ''' Performs an edit of all of a class' items in one go. 690 ''' Performs an edit of all of a class' items in one go.
672 691
673 The "rows" CGI var defines the CSV-formatted entries for the 692 The "rows" CGI var defines the CSV-formatted entries for the
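Review bot: In registerAction (new lines 501–517) the `except ValueError, message:` branch appends the error and then falls through, so a failed `cl.create` still reaches the login steps. Because those steps now read `self.userid` instead of the local `uid`, they would apparently run against whatever id `self.userid` held before the call (registerPermission already reads it), set a cookie for that account and append "You are now registered, welcome!". I would end the handler with `self.error_message.append(_('Error: ') + str(message))` followed by `return`, and catch `(ValueError, KeyError)` as the first parse at new line 487 does. Separately, the PTRuntimeError branch at new lines 291–292 now writes `message` and `pt._v_errors` into the page unescaped; escaping each entry before joining, `'<li>'.join([cgi.escape(e) for e in pt._v_errors])`, keeps the list markup without emitting raw template text.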
