Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

comparison roundup/cgi/client.py @ 2005:fc52d57c6c3e

documentation cleanup

author	Richard Jones <richard@users.sourceforge.net>
date	Wed, 11 Feb 2004 23:55:10 +0000
parents	1782fe36e7b8
children	1b11ffd8015e

comparison

equal deleted inserted replaced

-:1782fe36e7b8
+:fc52d57c6c3e
-# $Id: client.py,v 1.155 2004-02-11 21:34:31 jlgijsbers Exp $
+# $Id: client.py,v 1.156 2004-02-11 23:55:09 richard Exp $
-__doc__ = """
+"""WWW request handler (also used in the stand-alone server).
-WWW request handler (also used in the stand-alone server).
 """
+__docformat__ = 'restructuredtext'
 import os, os.path, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
 import binascii, Cookie, time, random, stat, rfc822
 from roundup import roundupdb, date, hyperdb, password
 from roundup.cgi.exceptions import *
 from roundup.cgi.form_parser import FormParser
 from roundup.mailer import Mailer, MessageSendError
 def initialiseSecurity(security):
-''' Create some Permissions and Roles on the security object
+'''Create some Permissions and Roles on the security object
 This function is directly invoked by security.Security.__init__()
 as a part of the Security object instantiation.
 '''
 security.addPermission(name="Web Registration",
 description="User may register through the web")
 p = security.addPermission(name="Web Access",
 description="User may access the web interface")
 if ok.has_key(match.group(3).lower()):
 return match.group(1)
 return '&lt;%s&gt;'%match.group(2)
 class Client:
-''' Instantiate to handle one CGI request.
+'''Instantiate to handle one CGI request.
 See inner_main for request processing.
 Client attributes at instantiation:
-"path" is the PATH_INFO inside the instance (with no leading '/')
-"base" is the base URL for the instance
+- "path" is the PATH_INFO inside the instance (with no leading '/')
-"form" is the cgi form, an instance of FieldStorage from the standard
+- "base" is the base URL for the instance
-cgi module
+- "form" is the cgi form, an instance of FieldStorage from the standard
-"additional_headers" is a dictionary of additional HTTP headers that
+cgi module
-should be sent to the client
+- "additional_headers" is a dictionary of additional HTTP headers that
-"response_code" is the HTTP response code to send to the client
+should be sent to the client
+- "response_code" is the HTTP response code to send to the client
 During the processing of a request, the following attributes are used:
-"error_message" holds a list of error messages
-"ok_message" holds a list of OK messages
+- "error_message" holds a list of error messages
-"session" is the current user session id
+- "ok_message" holds a list of OK messages
-"user" is the current user's name
+- "session" is the current user session id
-"userid" is the current user's id
+- "user" is the current user's name
-"template" is the current :template context
+- "userid" is the current user's id
-"classname" is the current class context name
+- "template" is the current :template context
-"nodeid" is the current context item id
+- "classname" is the current class context name
+- "nodeid" is the current context item id
 User Identification:
 If the user has no login cookie, then they are anonymous and are logged
 in as that user. This typically gives them all Permissions assigned to the
 Anonymous Role.
 Once a user logs in, they are assigned a session. The Client instance
 keeps the nodeid of the session as the "session" attribute.
 Special form variables:
 Note that in various places throughout this code, special form
 variables of the form :<name> are used. The colon (":") part may
 actually be one of either ":" or "@".
 finally:
 if hasattr(self, 'db'):
 self.db.close()
 def inner_main(self):
-''' Process a request.
+'''Process a request.
 The most common requests are handled like so:
-1. figure out who we are, defaulting to the "anonymous" user
-see determine_user
+1. figure out who we are, defaulting to the "anonymous" user
-2. figure out what the request is for - the context
+see determine_user
-see determine_context
+2. figure out what the request is for - the context
-3. handle any requested action (item edit, search, ...)
+see determine_context
-see handle_action
+3. handle any requested action (item edit, search, ...)
-4. render a template, resulting in HTML output
+see handle_action
+4. render a template, resulting in HTML output
-In some situations, exceptions occur:
-- HTTP Redirect  (generally raised by an action)
+In some situations, exceptions occur:
-- SendFile       (generally raised by determine_context)
-serve up a FileClass "content" property
+- HTTP Redirect  (generally raised by an action)
-- SendStaticFile (generally raised by determine_context)
+- SendFile       (generally raised by determine_context)
-serve up a file from the tracker "html" directory
+serve up a FileClass "content" property
-- Unauthorised   (generally raised by an action)
+- SendStaticFile (generally raised by determine_context)
-the action is cancelled, the request is rendered and an error
+serve up a file from the tracker "html" directory
-message is displayed indicating that permission was not
+- Unauthorised   (generally raised by an action)
-granted for the action to take place
+the action is cancelled, the request is rendered and an error
-- templating.Unauthorised   (templating action not permitted)
+message is displayed indicating that permission was not
-raised by an attempted rendering of a template when the user
+granted for the action to take place
-doesn't have permission
+- templating.Unauthorised   (templating action not permitted)
-- NotFound       (raised wherever it needs to be)
+raised by an attempted rendering of a template when the user
-percolates up to the CGI interface that called the client
+doesn't have permission
+- NotFound       (raised wherever it needs to be)
+percolates up to the CGI interface that called the client
 '''
 self.ok_message = []
 self.error_message = []
 try:
 # figure out the context and desired content template
 if interval > week:
 otks.destroy(sessid)
 sessions.set('last_clean', last_use=time.time())
 def determine_user(self):
-'''Determine who the user is.
+''' Determine who the user is
 '''
-# open the database as admin
+# determine the uid to use
 self.opendb('admin')
-# clean age sessions
+# make sure we have the session Class
 self.clean_sessions()
-# make sure we have the session Class
 sessions = self.db.sessions
-# look up the user session cookie
+# first up, try the REMOTE_USER var (from HTTP Basic Auth handled
-cookie = Cookie.SimpleCookie(self.env.get('HTTP_COOKIE', ''))
+# by a front-end HTTP server)
+try:
+user = os.getenv('REMOTE_USER')
+except KeyError:
+pass
+# look up the user session cookie (may override the REMOTE_USER)
+cookie = Cookie.Cookie(self.env.get('HTTP_COOKIE', ''))
 user = 'anonymous'
-# bump the "revision" of the cookie since the format changed
 if (cookie.has_key(self.cookie_name) and
 cookie[self.cookie_name].value != 'deleted'):
 # get the session key from the cookie
 self.session = cookie[self.cookie_name].value
 # update the lifetime datestamp
 sessions.set(self.session, last_use=time.time())
 sessions.commit()
 user = sessions.get(self.session, 'user')
 except KeyError:
-user = 'anonymous'
+# not valid, ignore id
+pass
 # sanity check on the user still being valid, getting the userid
 # at the same time
 try:
 self.userid = self.db.user.lookup(user)
 # reopen the database as the correct user
 self.opendb(self.user)
 def determine_context(self, dre=re.compile(r'([^\d]+)(\d+)')):
-""" Determine the context of this page from the URL:
+"""Determine the context of this page from the URL:
 The URL path after the instance identifier is examined. The path
 is generally only one entry long.
 - if there is no path, then we are in the "home" context.
-* if the path is "_file", then the additional path entry
+- if the path is "_file", then the additional path entry
 specifies the filename of a static file we're to serve up
 from the instance "html" directory. Raises a SendStaticFile
-exception.
+exception.(*)
 - if there is something in the path (eg "issue"), it identifies
 the tracker class we're to display.
 - if the path is an item designator (eg "issue123"), then we're
 to display a specific item.
-* if the path starts with an item designator and is longer than
+- if the path starts with an item designator and is longer than
 one entry, then we're assumed to be handling an item of a
 FileClass, and the extra path information gives the filename
 that the client is going to label the download with (ie
 "file123/image.png" is nicer to download than "file123"). This
-raises a SendFile exception.
+raises a SendFile exception.(*)
 Both of the "*" types of contexts stop before we bother to
 determine the template we're going to use. That's because they
 don't actually use templates.
 The template used is specified by the :template CGI variable,
 which defaults to:
-only classname suplied:          "index"
+- only classname suplied:          "index"
-full item designator supplied:   "item"
+- full item designator supplied:   "item"
 We set:
 self.classname  - the class to display, can be None
 self.template   - the template to render the current context with
 self.nodeid     - the nodeid of the class we're displaying
 """
 # default the optional variables
 self.classname = None
 self.nodeid = None

Mercurial > p > roundup > code

comparison roundup/cgi/client.py @ 2005:fc52d57c6c3e