Mercurial > p > roundup > code
view roundup/cgi/PageTemplates/PythonExpr.py @ 4781:6e9b9743de89
Implementation for:
http://issues.roundup-tracker.org/issue2550731
Add mechanism for the detectors to be able to tell the source of the
data changes.
Support for tx_Source property on database handle. Can be
used by detectors to find out the source of a change in an auditor to
block changes arriving by unauthenticated mechanisms (e.g. plain email
where headers can be faked). The property db.tx_Source has the
following values:
* None - Default value set to None. May be valid if it's a script
that is created by the user. Otherwise it's an error and indicates
that some code path is not properly setting the tx_Source property.
* "cli" - this string value is set when using roundup-admin and
supplied scripts.
* "web" - this string value is set when using any web based
technique: html interface, xmlrpc ....
* "email" - this string value is set when using an unauthenticated
email based technique.
* "email-sig-openpgp" - this string value is set when email with a
valid pgp signature is used. (*NOTE* the testing for this mode
is incomplete. If you have a pgp infrastructure you should test
and verify that this is properly set.)
This also includes some (possibly incomplete) tests cases for the
modes above and an example of using ts_Source in the customization.txt
document.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 23 Apr 2013 23:06:09 -0400 |
| parents | 6e3e4f24c753 |
| children | 35ea9b1efc14 |
line wrap: on
line source
############################################################################## # # Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved. # # This software is subject to the provisions of the Zope Public License, # Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE # ############################################################################## # Modified for Roundup: # # 1. more informative traceback info """Generic Python Expression Handler """ from TALES import CompilerError from sys import exc_info class getSecurityManager: '''Null security manager''' def validate(self, *args, **kwargs): return 1 addContext = removeContext = validateValue = validate class PythonExpr: def __init__(self, name, expr, engine): self.expr = expr = expr.strip().replace('\n', ' ') try: d = {} exec 'def f():\n return %s\n' % expr.strip() in d self._f = d['f'] except: raise CompilerError, ('Python expression error:\n' '%s: %s') % exc_info()[:2] self._get_used_names() def _get_used_names(self): self._f_varnames = vnames = [] for vname in self._f.func_code.co_names: if vname[0] not in '$_': vnames.append(vname) def _bind_used_names(self, econtext, _marker=[]): # Bind template variables names = {'CONTEXTS': econtext.contexts} vars = econtext.vars getType = econtext.getCompiler().getTypes().get for vname in self._f_varnames: val = vars.get(vname, _marker) if val is _marker: has = val = getType(vname) if has: val = ExprTypeProxy(vname, val, econtext) names[vname] = val else: names[vname] = val return names def __call__(self, econtext): __traceback_info__ = 'python expression "%s"'%self.expr f = self._f f.func_globals.update(self._bind_used_names(econtext)) return f() def __str__(self): return 'Python expression "%s"' % self.expr def __repr__(self): return '<PythonExpr %s>' % self.expr class ExprTypeProxy: '''Class that proxies access to an expression type handler''' def __init__(self, name, handler, econtext): self._name = name self._handler = handler self._econtext = econtext def __call__(self, text): return self._handler(self._name, text, self._econtext.getCompiler())(self._econtext)