Mercurial > p > roundup > code
view roundup/cgi/timestamp.py @ 8126:f7bd22bdef9d permission-performance
Move permission check code to hyperdb
Now the hyperdb has a method filter_with_permissions that performs the
permission checks before (for filtering on sort/group/filterspec
arguments) and after a call to hyperdb.filter.
This also fixes possible problems on the unfiltered
sort/group/filterspec arguments in roundup/rest.py and
roundup/cgi/templating.py
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 21 Oct 2024 18:12:03 +0200 |
| parents | 216662fbaaee |
| children |
line wrap: on
line source
'''Set of functions of adding/checking timestamp to be used to limit form submission for cgi actions. ''' import base64 import binascii import struct import time from roundup.cgi.exceptions import FormError from roundup.i18n import _ from roundup.anypy.strings import b2s, s2b def pack_timestamp(): return b2s(base64.b64encode(struct.pack("i", int(time.time()))).strip()) def unpack_timestamp(s): try: timestamp = struct.unpack("i", base64.b64decode(s2b(s)))[0] except (struct.error, binascii.Error, TypeError): raise FormError(_("Form is corrupted.")) return timestamp class Timestamped: def timecheck(self, field, delay): try: created = unpack_timestamp(self.form[field].value) except KeyError: raise FormError(_("Form is corrupted, missing: %s.") % field) if time.time() - created < delay: raise FormError(_("Responding to form too quickly.")) return True