Mercurial > p > roundup > code
view website/issues/extensions/timestamp.py @ 5604:ed02a1e0aa5d REST-rebased
Fix actions
Permission for retire in roundup/actions.py was with 'Edit' permission,
not 'Retire' permission. Add a 'restore' action to roundup/actions.py.
Both are now correctly used in rest.py and xmlrpc.py (the latter had
some errors when printint error messages).
Also reworked the rest implementation: Despite the warnings in the
roundup API in hyperdb.py the DELETE http method would *destroy* and not
*retire* an item. This has been fixed. We also do not allow retire of a
complete class (although this was implemented) because this seems to
dangerous and we see no use-case.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Wed, 30 Jan 2019 14:12:27 +0100 |
| parents | 35ea9b1efc14 |
| children |
line wrap: on
line source
import time, struct, base64 from roundup.cgi.actions import RegisterAction from roundup.cgi.exceptions import * def timestamp(): return base64.encodestring(struct.pack("i", time.time())).strip() def unpack_timestamp(s): return struct.unpack("i",base64.decodestring(s))[0] class Timestamped: def check(self): try: created = unpack_timestamp(self.form['opaque'].value) except KeyError: raise FormError("somebody tampered with the form") if time.time() - created < 4: raise FormError("responding to the form too quickly") return True class TimestampedRegister(Timestamped, RegisterAction): def permission(self): self.check() RegisterAction.permission(self) def init(instance): instance.registerUtil('timestamp', timestamp) instance.registerAction('register', TimestampedRegister)
