def _index(req, c, ln, doctype, act, startPg, access,
                   mainmenu, fromdir, nextPg, nbPg, curpage, step,
                   mode):
            auth_args = {}
            if doctype:
                auth_args['doctype'] = doctype
            if act:
                auth_args['act'] = act
            uid = getUid(req)

            if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
                return page_not_authorized(req, "direct",
                                            navmenuid='submit')

            if CFG_CERN_SITE:
                ## HACK BEGIN: this is a hack for CMS and ATLAS draft
                user_info = collect_user_info(req)
                if doctype == 'CMSPUB' and act == "" and 'cds-admin [CERN]' not in user_info['group'] and not user_info['email'].lower() == '*****@*****.**':
                    if isGuestUser(uid):
                        return redirect_to_url(req, "%s/youraccount/login%s" % (
                            CFG_SITE_SECURE_URL,
                            make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {}))
                                               , norobot=True)
                    if 'cms-publication-committee-chair [CERN]' not in user_info['group']:
                        return page_not_authorized(req, "../submit", text="In order to access this submission interface you need to be member of the CMS Publication Committee Chair.",
                                        navmenuid='submit')
                elif doctype == 'ATLPUB' and 'cds-admin [CERN]' not in user_info['group'] and not user_info['email'].lower() == '*****@*****.**':
                    if isGuestUser(uid):
                        return redirect_to_url(req, "%s/youraccount/login%s" % (
                            CFG_SITE_SECURE_URL,
                            make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {}))
                                               , norobot=True)
                    if 'atlas-gen [CERN]' not in user_info['group']:
                        return page_not_authorized(req, "../submit", text="In order to access this submission interface you need to be member of ATLAS.",
                                        navmenuid='submit')
            ## HACK END

            if doctype == "":
                catalogues_text, at_least_one_submission_authorized, submission_exists = makeCataloguesTable(req, ln=CFG_SITE_LANG)
                if not at_least_one_submission_authorized and submission_exists:

                    if isGuestUser(uid):
                        return redirect_to_url(req, "%s/youraccount/login%s" % (
                            CFG_SITE_SECURE_URL,
                            make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {}))
                                            , norobot=True)
                    else:

                        return page_not_authorized(req, "../submit",
                                                   uid=uid,
                                                   navmenuid='submit')
                return home(req, catalogues_text, c, ln)
            elif act == "":
                return action(req, c, ln, doctype)
            elif int(step)==0:
                return interface(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage)
            else:
                return endaction(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode)
Beispiel #2
0
def perform_info(req, ln):
    """Display the main features of CDS personalize"""
    out = ""
    uid = getUid(req)

    user_info = collect_user_info(req)
    return websession_templates.tmpl_account_info(ln=ln, uid=uid, guest=isGuestUser(uid), CFG_CERN_SITE=CFG_CERN_SITE)
Beispiel #3
0
def perform_youradminactivities(user_info, ln):
    """Return text for the `Your Admin Activities' box.  Analyze
       whether user UID has some admin roles, and if yes, then print
       suitable links for the actions he can do.  If he's not admin,
       print a simple non-authorized message."""
    your_role_actions = acc_find_user_role_actions(user_info)
    your_roles = []
    your_admin_activities = []
    guest = isGuestUser(user_info['uid'])
    for (role, action) in your_role_actions:
        if role not in your_roles:
            your_roles.append(role)
        if action not in your_admin_activities:
            your_admin_activities.append(action)

    if SUPERADMINROLE in your_roles:
        for action in ("runbibedit", "cfgbibformat", "cfgbibharvest", "cfgoairepository", "cfgbibrank", "cfgbibindex", "cfgwebaccess", "cfgwebcomment", "cfgwebsearch", "cfgwebsubmiit", "cfgbibknowledge", "runbatchuploader"):
            if action not in your_admin_activities:
                your_admin_activities.append(action)

    return websession_templates.tmpl_account_adminactivities(
             ln = ln,
             uid = user_info['uid'],
             guest = guest,
             roles = your_roles,
             activities = your_admin_activities,
           )
    def unsubscribe(self, req, form):
        """
        Unsubscribe current user from current discussion.
        """
        argd = wash_urlargd(form, {"referer": (str, None)})

        user_info = collect_user_info(req)
        uid = getUid(req)

        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)}
            )
            target = "/youraccount/login" + make_canonical_urlargd(
                {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_URL + user_info["uri"]}, {}
            )
            return redirect_to_url(req, target, norobot=True)

        success = unsubscribe_user_from_discussion(self.recid, uid)
        display_url = "%s/record/%s/comments/display?subscribed=%s&ln=%s" % (
            CFG_SITE_URL,
            self.recid,
            str(-success),
            argd["ln"],
        )
        redirect_to_url(req, display_url)
    def subscribe(self, req, form):
        """
        Subscribe current user to receive email notification when new
        comments are added to current discussion.
        """
        argd = wash_urlargd(form, {'referer': (str, None)})

        uid = getUid(req)

        user_info = collect_user_info(req)
        (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid)
        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)})
            target = '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target, norobot=True)
        elif auth_code:
            return page_not_authorized(req, "../", \
                text = auth_msg)

        success = subscribe_user_to_discussion(self.recid, uid)
        display_url = "%s/record/%s/comments/display?subscribed=%s&ln=%s" % \
                      (CFG_SITE_URL, self.recid, str(success), argd['ln'])
        redirect_to_url(req, display_url)
    def display(self, req, form):
        """Display search history page.  A misnomer."""

        argd = wash_urlargd(form, {'p': (str, "n")
                                   })

        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/display" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/youralerts/display%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        if argd['p'] == 'y':
            _title = _("Popular Searches")
        else:
            _title = _("Your Searches")

        # register event in webstat
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["display", "", user_str])
        except:
            register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")

        return page(title=_title,
                    body=webalert.perform_display(argd['p'], uid, ln=argd['ln']),
                    navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {
                                 'sitesecureurl' : CFG_SITE_SECURE_URL,
                                 'ln': argd['ln'],
                                 'account' : _("Your Account"),
                              },
                    description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    uid=uid,
                    language=argd['ln'],
                    req=req,
                    lastupdated=__lastupdated__,
                    navmenuid='youralerts',
                    secure_page_p=1)
    def update(self, req, form):

        argd = wash_urlargd(
            form,
            {
                "name": (str, None),
                "freq": (str, None),
                "notif": (str, None),
                "idb": (int, None),
                "idq": (int, None),
                "old_idb": (int, None),
            },
        )

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/update" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/youralerts/update%s"
                            % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        # load the right language
        _ = gettext_set_language(argd["ln"])
        user_info = collect_user_info(req)
        if not user_info["precached_usealerts"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use alerts."))

        try:
            html = webalert.perform_update_alert(
                argd["name"], argd["freq"], argd["notif"], argd["idb"], argd["idq"], argd["old_idb"], uid, ln=argd["ln"]
            )
        except webalert.AlertError, msg:
            return page(
                title=_("Error"),
                body=webalert_templates.tmpl_errorMsg(ln=argd["ln"], error_msg=msg),
                navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
                % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")},
                description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
                keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
                uid=uid,
                language=argd["ln"],
                req=req,
                lastupdated=__lastupdated__,
                navmenuid="youralerts",
            )
    def write(self, req, form):
        """ write(): interface for message composing
        @param msg_reply_id: if this message is a reply to another, id of the
                             other
        @param msg_to: if this message is not a reply, nickname of the user it
                       must be delivered to.
        @param msg_to_group: name of group to send message to
        @param ln: language
        @return: the compose page
        """
        argd = wash_urlargd(form, {'msg_reply_id': (int, 0),
                                   'msg_to': (str, ""),
                                   'msg_to_group': (str, ""),
                                   'msg_subject' : (str, ""),
                                   'msg_body' : (str, "")})

        # Check if user is logged
        uid = getUid(req)

        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/write" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourmessages/write%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        # Request the composing page
        body = perform_request_write(
                                     uid=uid,
                                     msg_reply_id=argd['msg_reply_id'],
                                     msg_to=argd['msg_to'],
                                     msg_to_group=argd['msg_to_group'],
                                     msg_subject=argd['msg_subject'],
                                     msg_body=argd['msg_body'],
                                     ln=argd['ln'])
        title = _("Write a message")

        return page(title       = title,
                    body        = body,
                    navtrail    = get_navtrail(argd['ln'], title),
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "yourmessages",
                    secure_page_p=1)
    def _handler(req):
        """ This handler is invoked by mod_python with the apache request."""
        try:
            allowed_methods = ("GET", "POST", "HEAD", "OPTIONS")
            req.allow_methods(allowed_methods, 1)
            if req.method not in allowed_methods:
                raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED

            if req.method == 'OPTIONS':
                ## OPTIONS is used to now which method are allowed
                req.headers_out['Allow'] = ', '.join(allowed_methods)
                raise apache.SERVER_RETURN, apache.OK

            # Set user agent for fckeditor.py, which needs it here
            os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '')

            guest_p = isGuestUser(getUid(req))

            uri = req.uri
            if uri == '/':
                path = ['']
            else:
                ## Let's collapse multiple slashes into a single /
                uri = RE_SLASHES.sub('/', uri)
                path = uri[1:].split('/')

            if uri.startswith('/yours') or not guest_p:
                ## Private/personalized request should not be cached
                req.headers_out['Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate'
                req.headers_out['Pragma'] = 'no-cache'
                req.headers_out['Vary'] = '*'
            else:
                req.headers_out['Cache-Control'] = 'public, max-age=3600'
                req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control'

            try:
                if req.header_only and not RE_SPECIAL_URI.match(req.uri):
                    return root._traverse(req, path, True, guest_p)
                else:
                    ## bibdocfile have a special treatment for HEAD
                    return root._traverse(req, path, False, guest_p)
            except TraversalError:
                raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
            except apache.SERVER_RETURN:
                ## This is one of mod_python way of communicating
                raise
            except IOError, exc:
                if 'Write failed, client closed connection' not in "%s" % exc:
                    ## Workaround for considering as false positive exceptions
                    ## rised by mod_python when the user close the connection
                    ## or in some other rare and not well identified cases.
                    register_exception(req=req, alert_admin=True)
                raise
            except Exception:
                register_exception(req=req, alert_admin=True)
                raise

            # Serve an error by default.
            raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
Beispiel #10
0
def perform_display_account(req, username, bask, aler, sear, msgs, loan, grps, sbms, appr, admn, ln):
    """Display a dynamic page that shows the user's account."""

    # load the right message language
    _ = gettext_set_language(ln)

    uid = getUid(req)
    user_info = collect_user_info(req)
    #your account
    if isGuestUser(uid):
        user = "******"
        login = "******" % (CFG_SITE_SECURE_URL, ln)
        accBody = _("You are logged in as guest. You may want to %(x_url_open)slogin%(x_url_close)s as a regular user.") %\
            {'x_url_open': '<a href="' + login + '">',
             'x_url_close': '</a>'}
        accBody += "<br /><br />"
        bask=aler=msgs= _("The %(x_fmt_open)sguest%(x_fmt_close)s users need to %(x_url_open)sregister%(x_url_close)s first") %\
            {'x_fmt_open': '<strong class="headline">',
             'x_fmt_close': '</strong>',
             'x_url_open': '<a href="' + login + '">',
             'x_url_close': '</a>'}
        sear= _("No queries found")
    else:
        user = username
        accBody = websession_templates.tmpl_account_body(
                    ln = ln,
                    user = user,
                  )

    #Display warnings if user is superuser
    roles = acc_find_user_role_actions(user_info)
    warnings = "0"
    for role in roles:
        if "superadmin" in role:
            warnings = "1"
            break

    warning_list = superuser_account_warnings()

    #check if tickets ok
    tickets = (acc_authorize_action(user_info, 'runbibedit')[0] == 0)

    return websession_templates.tmpl_account_page(
             ln = ln,
             warnings = warnings,
             warning_list = warning_list,
             accBody = accBody,
             baskets = bask,
             alerts = aler,
             searches = sear,
             messages = msgs,
             loans = loan,
             groups = grps,
             submissions = sbms,
             approvals = appr,
             tickets = tickets,
             administrative = admn
           )
        def _index(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode):

            uid = getUid(req)
            if isGuestUser(uid):
                return redirect_to_url(
                    req,
                    "%s/youraccount/login%s"
                    % (
                        CFG_SITE_SECURE_URL,
                        make_canonical_urlargd({"referer": CFG_SITE_URL + req.unparsed_uri, "ln": args["ln"]}, {}),
                    ),
                    norobot=True,
                )

            if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
                return page_not_authorized(req, "../submit", navmenuid="submit")
            if CFG_CERN_SITE:
                ## HACK BEGIN: this is a hack for CMS and ATLAS draft
                from invenio.webuser import collect_user_info

                user_info = collect_user_info(req)
                if (
                    doctype == "CMSPUB"
                    and "cds-admin [CERN]" not in user_info["group"]
                    and not user_info["email"].lower() == "*****@*****.**"
                ):
                    if "cms-publication-committee-chair [CERN]" not in user_info["group"]:
                        return page_not_authorized(
                            req,
                            "../submit",
                            text="In order to access this submission interface you need to be member of the CMS Publication Committee Chair.",
                            navmenuid="submit",
                        )
                elif (
                    doctype == "ATLPUB"
                    and "cds-admin [CERN]" not in user_info["group"]
                    and not user_info["email"].lower() == "*****@*****.**"
                ):
                    if "atlas-gen [CERN]" not in user_info["group"]:
                        return page_not_authorized(
                            req,
                            "../submit",
                            text="In order to access this submission interface you need to be member of ATLAS.",
                            navmenuid="submit",
                        )
            ## HACK END

            if doctype == "":
                return home(req, c, ln)
            elif act == "":
                return action(req, c, ln, doctype)
            elif int(step) == 0:
                return interface(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage)
            else:
                return endaction(
                    req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode
                )
    def index(self, req, form):
        """Index page."""

        argd = wash_urlargd(form, {'page': (int, 1),
                                   'format': (str, "rc"),
                                   'order_by': (str, "lcf"),
                                   'per_page': (str, "all"),
                                   })
        # TODO: support also "reviews", by adding  new option to show/hide them if needed
        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        # Is site ready to accept comments?
        if not CFG_WEBCOMMENT_ALLOW_COMMENTS or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourcomments" % \
                                             (CFG_SITE_SECURE_URL,),
                                       text="Comments are currently disabled on this site",
                                       navmenuid="yourcomments")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourcomments%s" % (
                        CFG_SITE_SECURE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_sendcomments']:
            # Maybe we should still authorize if user submitted
            # comments in the past?
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use comments."))

        return page(title=_("Your Comments"),
                    body=perform_display_your_comments(user_info,
                                                       page_number=argd['page'],
                                                       selected_order_by_option=argd['order_by'],
                                                       selected_display_number_option=argd['per_page'],
                                                       selected_display_format_option=argd['format'],
                                                       ln=argd['ln']),
                    navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {
                                 'sitesecureurl' : CFG_SITE_SECURE_URL,
                                 'ln': argd['ln'],
                                 'account' : _("Your Account"),
                              },
                    description=_("%s View your previously submitted comments") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                    uid=uid,
                    language=argd['ln'],
                    req=req,
                    lastupdated=__lastupdated__,
                    navmenuid='youralerts',
                    secure_page_p=1)
    def list(self, req, form):

        argd = wash_urlargd(form, {})

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/list" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/youralerts/list%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        # load the right language
        _ = gettext_set_language(argd["ln"])
        user_info = collect_user_info(req)
        if not user_info["precached_usealerts"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use alerts."))

        # register event in webstat
        if user_info["email"]:
            user_str = "%s (%d)" % (user_info["email"], user_info["uid"])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["list", "", user_str])
        except:
            register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'")

        return page(
            title=_("Your Alerts"),
            body=webalert.perform_list_alerts(uid, ln=argd["ln"]),
            navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")},
            description=_("%s Personalize, Display alerts") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
            keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME),
            uid=uid,
            language=argd["ln"],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid="youralerts",
        )
    def modify(self, req, form):

        argd = wash_urlargd(form, {'idq': (int, None),
                                   'old_idb': (int, None),
                                   'name': (str, ""),
                                   'freq': (str, "week"),
                                   'notif': (str, "y"),
                                   'idb': (int, 0),
                                   'error_msg': (str, ""),
                                   })

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/modify" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/youralerts/modify%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        # load the right language
        _ = gettext_set_language(argd['ln'])
        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        try:
            html = webalert.perform_input_alert("update", argd['idq'], argd['name'], argd['freq'],
                                                argd['notif'], argd['idb'], uid, argd['old_idb'], ln=argd['ln'])
        except webalert.AlertError, msg:
            return page(title=_("Error"),
                        body=webalert_templates.tmpl_errorMsg(ln=argd['ln'], error_msg=msg),
                        navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {
                                     'sitesecureurl' : CFG_SITE_SECURE_URL,
                                     'ln': argd['ln'],
                                     'account' : _("Your Account"),
                                  },
                        description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                        keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                        uid=uid,
                        language=argd['ln'],
                        req=req,
                        lastupdated=__lastupdated__,
                        navmenuid='youralerts')
    def display_msg(self, req, form):
        """
        Display a message
        @param msgid: id of message
        @param ln: languae
        @return: page
        """
        argd = wash_urlargd(form, {"msgid": (int, -1)})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/display_msg" % (CFG_SITE_URL,), navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/yourmessages/display_msg%s"
                            % (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        _ = gettext_set_language(argd["ln"])

        user_info = collect_user_info(req)
        if not user_info["precached_usemessages"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use messages."))

        # Generate content
        (body, errors, warnings) = perform_request_display_msg(uid, argd["msgid"], argd["ln"])
        title = _("Read a message")
        return page(
            title=title,
            body=body,
            navtrail=get_navtrail(argd["ln"], title),
            uid=uid,
            lastupdated=__lastupdated__,
            req=req,
            language=argd["ln"],
            errors=errors,
            warnings=warnings,
            navmenuid="yourmessages",
        )
    def delete_all(self, req, form):
        """
        Empty user's inbox
        @param confimed: 1 if message is confirmed
        @param ln: language
        \return page
        """
        argd = wash_urlargd(form, {"confirmed": (int, 0)})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/delete_all" % (CFG_SITE_URL,), navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/yourmessages/delete_all%s"
                            % (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        _ = gettext_set_language(argd["ln"])

        user_info = collect_user_info(req)
        if not user_info["precached_usemessages"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use messages."))

        # Generate content
        (body, errors, warnings) = perform_request_delete_all(uid, argd["confirmed"], argd["ln"])
        return page(
            title=_("Your Messages"),
            body=body,
            navtrail=get_navtrail(argd["ln"]),
            uid=uid,
            lastupdated=__lastupdated__,
            req=req,
            language=argd["ln"],
            errors=errors,
            warnings=warnings,
            navmenuid="yourmessages",
        )
Beispiel #17
0
def perform_list_alerts(uid, ln=CFG_SITE_LANG):
    """perform_list_alerts display the list of alerts for the connected user"""
    # set variables
    out = ""

    # query the database
    query = """ SELECT q.id, q.urlargs,
                       a.id_basket, b.name,
                       a.alert_name, a.frequency,a.notification,
                       DATE_FORMAT(a.date_creation,'%%Y-%%m-%%d %%H:%%i:%%s'),
                       DATE_FORMAT(a.date_lastrun,'%%Y-%%m-%%d %%H:%%i:%%s')
                FROM user_query_basket a LEFT JOIN query q ON a.id_query=q.id
                                         LEFT JOIN bskBASKET b ON a.id_basket=b.id
                WHERE a.id_user=%s
                ORDER BY a.alert_name ASC """
    res = run_sql(query, (uid,))
    alerts = []
    for (qry_id, qry_args,
         bsk_id, bsk_name,
         alrt_name, alrt_frequency, alrt_notification, alrt_creation, alrt_last_run) in res:
        try:
            if not qry_id:
                raise StandardError("""\
Warning: I have detected a bad alert for user id %d.
It seems one of his/her alert queries was deleted from the 'query' table.
Please check this and delete it if needed.
Otherwise no problem, I'm continuing with the other alerts now.
Here are all the alerts defined by this user: %s""" % (uid, repr(res)))
            alerts.append({
                 'queryid' : qry_id,
                 'queryargs' : qry_args,
                 'textargs' : get_textual_query_info_from_urlargs(qry_args, ln=ln),
                 'userid' : uid,
                 'basketid' : bsk_id,
                 'basketname' : bsk_name,
                 'alertname' : alrt_name,
                 'frequency' : alrt_frequency,
                 'notification' : alrt_notification,
                 'created' : convert_datetext_to_dategui(alrt_creation),
                 'lastrun' : convert_datetext_to_dategui(alrt_last_run)
                 })
        except StandardError:
            register_exception(alert_admin=True)

    # link to the "add new alert" form
    out = webalert_templates.tmpl_list_alerts(ln=ln, alerts=alerts,
                                              guest=isGuestUser(uid),
                                              guesttxt=warning_guest_user(type="alerts", ln=ln))
    return out
    def display(self, req, form):
        """
        Displays all loans of a given user
        @param ln:  language
        @return the page for inbox
        """

        argd = wash_urlargd(form, {'barcode': (str, ""),
                                   'borrower_id': (int, 0),
                                   'request_id': (int, 0)})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourloans/display" % \
                                       (CFG_SITE_URL,),
                                       navmenuid="yourloans")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourloans/display%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})), norobot=True)

        _ = gettext_set_language(argd['ln'])

        user_info = collect_user_info(req)
        if not user_info['precached_useloans']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use loans."))

        body = perform_borrower_loans(uid=uid,
                                      barcode=argd['barcode'],
                                      borrower_id=argd['borrower_id'],
                                      request_id=argd['request_id'],
                                      ln=argd['ln'])

        return page(title       = _("Your Loans"),
                    body        = body,
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "yourloans",
                    secure_page_p=1)
    def display(self, req, form):
        """
        Displays the Inbox of a given user
        @param ln:  language
        @return: the page for inbox
        """
        argd = wash_urlargd(form, {})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/display" % (CFG_SITE_URL,), navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s"
                % (
                    CFG_SITE_SECURE_URL,
                    make_canonical_urlargd(
                        {
                            "referer": "%s/yourmessages/display%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                            "ln": argd["ln"],
                        },
                        {},
                    ),
                ),
            )

        _ = gettext_set_language(argd["ln"])
        user_info = collect_user_info(req)
        if not user_info["precached_usemessages"]:
            return page_not_authorized(req, "../", text=_("You are not authorized to use messages."))

        (body, errors, warnings) = perform_request_display(uid=uid, ln=argd["ln"])

        return page(
            title=_("Your Messages"),
            body=body,
            navtrail=get_navtrail(argd["ln"]),
            uid=uid,
            lastupdated=__lastupdated__,
            req=req,
            language=argd["ln"],
            errors=errors,
            warnings=warnings,
            navmenuid="yourmessages",
        )
    def delete(self, req, form):
        """
        Suppress a message
        @param msgid: id of message
        @param ln: language
        @return: page
        """
        argd = wash_urlargd(form, {'msgid': (int, -1),
                                   })

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/delete" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourmessages/delete%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        _ = gettext_set_language(argd['ln'])

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        # Generate content
        (body, errors, warnings) = perform_request_delete_msg(uid,
                                                              argd['msgid'],
                                                              argd['ln'])
        return page(title       = _("Your Messages"),
                    body        = body,
                    navtrail    = get_navtrail(argd['ln']),
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    errors      = errors,
                    warnings    = warnings,
                    navmenuid   = "yourmessages",
                    secure_page_p=1)
    def toggle(self, req, form):
        """
        Store the visibility of a comment for current user
        """
        argd = wash_urlargd(form, {'comid': (int, -1),
                                   'referer': (str, None),
                                   'collapse': (int, 1)})

        uid = getUid(req)

        if isGuestUser(uid):
            # We do not store information for guests
            return ''

        toggle_comment_visibility(uid, argd['comid'], argd['collapse'], self.recid)
        if argd['referer']:
            return redirect_to_url(req, CFG_SITE_SECURE_URL + \
                                   (not argd['referer'].startswith('/') and '/' or '') + \
                                   argd['referer'] + '#' + str(argd['comid']))
    def unsubscribe(self, req, form):
        """
        Unsubscribe current user from current discussion.
        """
        argd = wash_urlargd(form, {'referer': (str, None)})

        user_info = collect_user_info(req)
        uid = getUid(req)

        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)})
            target = '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_SECURE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target, norobot=True)

        success = unsubscribe_user_from_discussion(self.recid, uid)
        display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % \
                      (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(-success), argd['ln'])
        redirect_to_url(req, display_url)
    def loanshistoricaloverview(self, req, form):
        """
        Show loans historical overview.
        """

        argd = wash_urlargd(form, {})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourloans/loanshistoricaloverview" % \
                                       (CFG_SITE_URL,),
                                       navmenuid="yourloans")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourloans/loanshistoricaloverview%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})), norobot=True)

        _ = gettext_set_language(argd['ln'])

        user_info = collect_user_info(req)
        if not user_info['precached_useloans']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use loans."))

        body = perform_loanshistoricaloverview(uid=uid,
                                               ln=argd['ln'])

        return page(title       = _("Loans - historical overview"),
                    body        = body,
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "yourloans",
                    secure_page_p=1)
    def display(self, req, form):
        """
        Displays all loans of a given user
        @param ln:  language
        @return the page for inbox
        """

        argd = wash_urlargd(form, {})

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/ill/display" % \
                                       (CFG_SITE_URL,),
                                       navmenuid="ill")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/ill/display%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})), norobot=True)

        _ = gettext_set_language(argd['ln'])

        user_info = collect_user_info(req)
        if not user_info['precached_useloans']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use ill."))

        body = display_ill_form(ln=argd['ln'])

        return page(title       = _("Interlibrary loan request for books"),
                    body        = body,
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "ill")
Beispiel #25
0
def perform_input_alert(action, id_query, alert_name, frequency, notification, id_basket, uid, old_id_basket=None, ln = CFG_SITE_LANG):
    """get the alert settings
    input:  action="add" for a new alert (blank form), action="modify" for an update
            (get old values)
            id_query id the identifier of the search to be alerted
            for the "modify" action specify old alert_name, frequency of checking,
            e-mail notification and basket id.
    output: alert settings input form"""
    # load the right language
    _ = gettext_set_language(ln)
    # security check:
    if not check_user_can_add_alert(uid, id_query):
        raise AlertError(_("You do not have rights for this operation."))
    # display query information
    res = run_sql("SELECT urlargs FROM query WHERE id=%s", (id_query,))
    try:
        urlargs = res[0][0]
    except:
        urlargs = "UNKNOWN"
    baskets = create_personal_baskets_selection_box(uid=uid,
                                                    html_select_box_name='idb',
                                                    selected_bskid=old_id_basket,
                                                    ln=ln)
    return webalert_templates.tmpl_input_alert(
             ln = ln,
             query = get_textual_query_info_from_urlargs(urlargs, ln = ln),
             action = action,
             frequency = frequency,
             notification = notification,
             alert_name = alert_name,
             baskets = baskets,
             old_id_basket = old_id_basket,
             id_basket = id_basket,
             id_query = id_query,
             guest = isGuestUser(uid),
             guesttxt = warning_guest_user(type="alerts", ln=ln)
           )
    def _handler(req):
        """ This handler is invoked by mod_python with the apache request."""
        try:
            allowed_methods = ("GET", "POST", "HEAD", "OPTIONS")
            req.allow_methods(allowed_methods, 1)
            if req.method not in allowed_methods:
                raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED

            if req.method == 'OPTIONS':
                ## OPTIONS is used to now which method are allowed
                req.headers_out['Allow'] = ', '.join(allowed_methods)
                raise apache.SERVER_RETURN, apache.OK

            # Set user agent for fckeditor.py, which needs it here
            os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '')

            guest_p = isGuestUser(getUid(req))

            uri = req.uri
            if uri == '/':
                path = ['']
            else:
                ## Let's collapse multiple slashes into a single /
                uri = RE_SLASHES.sub('/', uri)
                path = uri[1:].split('/')

            if CFG_ACCESS_CONTROL_LEVEL_SITE > 1:
                ## If the site is under maintainance mode let's return
                ## 503 to casual crawler to avoid having the site being
                ## indexed
                req.status = 503

            if uri.startswith('/yours') or not guest_p:
                ## Private/personalized request should not be cached
                g = _RE_BAD_MSIE.search(req.headers_in.get('User-Agent', "MSIE 6.0"))
                bad_msie = g and float(g.group(1)) < 9.0
                if bad_msie:
                    req.headers_out['Cache-Control'] = 'private, max-age=0, must-revalidate'
                else:
                    req.headers_out['Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate'
                    req.headers_out['Pragma'] = 'no-cache'
                    req.headers_out['Vary'] = '*'
            else:
                req.headers_out['Cache-Control'] = 'public, max-age=3600'
                req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control'

            try:
                if req.header_only and not RE_SPECIAL_URI.match(req.uri):
                    return root._traverse(req, path, True, guest_p)
                else:
                    ## bibdocfile have a special treatment for HEAD
                    return root._traverse(req, path, False, guest_p)
            except TraversalError:
                raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
            except apache.SERVER_RETURN:
                ## This is one of mod_python way of communicating
                raise
            except IOError, exc:
                if 'Write failed, client closed connection' not in "%s" % exc:
                    ## Workaround for considering as false positive exceptions
                    ## rised by mod_python when the user close the connection
                    ## or in some other rare and not well identified cases.
                    register_exception(req=req, alert_admin=True)
                raise
            except Exception:
                # send the error message, much more convenient than log hunting
                if remote_debugger:
                    args = {}
                    if req.args:
                        args = cgi.parse_qs(req.args)
                        if 'debug' in args:
                            remote_debugger.error_msg(args['debug'])
                register_exception(req=req, alert_admin=True)
                raise

            # Serve an error by default.
            raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
Beispiel #27
0
    def report(self, req, form):
        """
        Report a comment/review for inappropriate content
        @param comid: comment/review id
        @param recid: the id of the record the comment/review is associated with
        @param ln: language
        @param do: display order    hh = highest helpful score, review only
                                    lh = lowest helpful score, review only
                                    hs = highest star score, review only
                                    ls = lowest star score, review only
                                    od = oldest date
                                    nd = newest date
        @param ds: display since    all= no filtering by date
                                    nd = n days ago
                                    nw = n weeks ago
                                    nm = n months ago
                                    ny = n years ago
                                    where n is a single digit integer between 0 and 9
        @param nb: number of results per page
        @param p: results page
        @param referer: http address of the calling function to redirect to (refresh)
        @param reviews: boolean, enabled for reviews, disabled for comments
        """

        argd = wash_urlargd(
            form, {
                'comid': (int, -1),
                'recid': (int, -1),
                'do': (str, "od"),
                'ds': (str, "all"),
                'nb': (int, 100),
                'p': (int, 1),
                'referer': (str, None)
            })
        _ = gettext_set_language(argd['ln'])

        client_ip_address = req.remote_ip
        uid = getUid(req)

        user_info = collect_user_info(req)
        (auth_code,
         auth_msg) = check_user_can_view_comments(user_info, self.recid)
        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            target = '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target, norobot=True)
        elif auth_code:
            return page_not_authorized(req, "../", \
                text = auth_msg)

        # Check that comment belongs to this recid
        if not check_comment_belongs_to_record(argd['comid'], self.recid):
            return page_not_authorized(req, "../", \
                                       text = _("Specified comment does not belong to this record"))

        # Check that user can access the record
        (auth_code,
         auth_msg) = check_user_can_view_comment(user_info, argd['comid'])
        if auth_code:
            return page_not_authorized(req, "../", \
                                       text = _("You do not have access to the specified comment"))

        # Check that comment is not currently deleted
        if is_comment_deleted(argd['comid']):
            return page_not_authorized(req, "../", \
                                       text = _("You cannot report a deleted comment"),
                                       ln=argd['ln'])

        success = perform_request_report(argd['comid'], client_ip_address, uid)
        if argd['referer']:
            argd[
                'referer'] += "?ln=%s&amp;do=%s&amp;ds=%s&amp;nb=%s&amp;p=%s&amp;reported=%s&amp;" % (
                    argd['ln'], argd['do'], argd['ds'], argd['nb'], argd['p'],
                    str(success))

            redirect_to_url(req, argd['referer'])
        else:
            #Note: sent to comments display
            referer = "%s/record/%s/%s/display?ln=%s&amp;voted=1"
            referer %= (CFG_SITE_URL, self.recid,
                        self.discussion == 1 and 'reviews'
                        or 'comments', argd['ln'])
            redirect_to_url(req, referer)
    def send(self, req, form):
        """
        Sends the message.

        Possible form keys:
        @param msg_to_user: comma separated usernames.
        @type msg_to_user: string
        @param msg_to_group: comma separated groupnames.
        @type msg_to_group: string
        @param msg_subject: message subject.
        @type msg_subject: string
        @param msg_body: message body.
        @type msg_body: string
        @param msg_send_year: year to send this message on.
        @type msg_send_year: int
        @param_msg_send_month: month to send this message on
        @type msg_send_month: year
        @param_msg_send_day: day to send this message on
        @type msg_send_day: int
        @param results_field: value determining which results field to display.
                              See CFG_WEBMESSAGE_RESULTS_FIELD in
                              webmessage_config.py.
        @param names_to_add: list of usernames to add to
                             msg_to_user / group.
        @type names_to_add: list of strings
        @param search_pattern: will search for users/groups with this pattern.
        @type search_pattern: string
        @param add_values: if 1 users_to_add will be added to msg_to_user
                           field.
        @type add_values: int
        @param *button: which button was pressed.
        @param ln: language.
        @type ln: string
        @return: body.
        """
        argd = wash_urlargd(
            form, {
                'msg_to_user': (str, ""),
                'msg_to_group': (str, ""),
                'msg_subject': (str, ""),
                'msg_body': (str, ""),
                'msg_send_year': (int, 0),
                'msg_send_month': (int, 0),
                'msg_send_day': (int, 0),
                'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']),
                'names_selected': (list, []),
                'search_pattern': (str, ""),
                'send_button': (str, ""),
                'search_user': (str, ""),
                'search_group': (str, ""),
                'add_user': (str, ""),
                'add_group': (str, ""),
            })
        # Check if user is logged
        uid = getUid(req)
        _ = gettext_set_language(argd['ln'])
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/send" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/yourmessages/send%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        if argd['send_button']:
            (body, title, navtrail) = perform_request_send(
                uid=uid,
                msg_to_user=argd['msg_to_user'],
                msg_to_group=argd['msg_to_group'],
                msg_subject=escape_html(argd['msg_subject']),
                msg_body=escape_email_quoted_text(argd['msg_body']),
                msg_send_year=argd['msg_send_year'],
                msg_send_month=argd['msg_send_month'],
                msg_send_day=argd['msg_send_day'],
                ln=argd['ln'])
        else:
            title = _('Write a message')
            navtrail = get_navtrail(argd['ln'], title)
            if argd['search_user']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER']
            elif argd['search_group']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP']
            add_values = 0
            if argd['add_group'] or argd['add_user']:
                add_values = 1
            body = perform_request_write_with_search(
                uid=uid,
                msg_to_user=argd['msg_to_user'],
                msg_to_group=argd['msg_to_group'],
                msg_subject=escape_html(argd['msg_subject']),
                msg_body=escape_email_quoted_text(argd['msg_body']),
                msg_send_year=argd['msg_send_year'],
                msg_send_month=argd['msg_send_month'],
                msg_send_day=argd['msg_send_day'],
                names_selected=argd['names_selected'],
                search_pattern=argd['search_pattern'],
                results_field=argd['results_field'],
                add_values=add_values,
                ln=argd['ln'])
        return page(title=title,
                    body=body,
                    navtrail=navtrail,
                    uid=uid,
                    lastupdated=__lastupdated__,
                    req=req,
                    language=argd['ln'],
                    navmenuid="yourmessages",
                    secure_page_p=1)
Beispiel #29
0
        def _index(req, c, ln, doctype, act, startPg, access, mainmenu,
                   fromdir, nextPg, nbPg, curpage, step, mode):
            auth_args = {}
            if doctype:
                auth_args['doctype'] = doctype
            if act:
                auth_args['act'] = act
            uid = getUid(req)

            if CFG_CERN_SITE:
                ## HACK BEGIN: this is a hack for CMS and ATLAS draft
                user_info = collect_user_info(req)
                if doctype == 'CMSPUB' and act == "" and 'cds-admin [CERN]' not in user_info[
                        'group'] and not user_info['email'].lower(
                        ) == '*****@*****.**':
                    if isGuestUser(uid):
                        return redirect_to_url(
                            req,
                            "%s/youraccount/login%s" %
                            (CFG_SITE_SECURE_URL,
                             make_canonical_urlargd(
                                 {
                                     'referer':
                                     CFG_SITE_SECURE_URL + req.unparsed_uri,
                                     'ln': args['ln']
                                 }, {})),
                            norobot=True)
                    if 'cms-publication-committee-chair [CERN]' not in user_info[
                            'group']:
                        return page_not_authorized(
                            req,
                            "../submit",
                            text=
                            "In order to access this submission interface you need to be member of the CMS Publication Committee Chair.",
                            navmenuid='submit')
                elif doctype == 'ATLPUB' and 'cds-admin [CERN]' not in user_info[
                        'group'] and not user_info['email'].lower(
                        ) == '*****@*****.**':
                    if isGuestUser(uid):
                        return redirect_to_url(
                            req,
                            "%s/youraccount/login%s" %
                            (CFG_SITE_SECURE_URL,
                             make_canonical_urlargd(
                                 {
                                     'referer':
                                     CFG_SITE_SECURE_URL + req.unparsed_uri,
                                     'ln': args['ln']
                                 }, {})),
                            norobot=True)
                    if 'atlas-gen [CERN]' not in user_info['group']:
                        return page_not_authorized(
                            req,
                            "../submit",
                            text=
                            "In order to access this submission interface you need to be member of ATLAS.",
                            navmenuid='submit')
            ## HACK END

            if doctype == "":
                catalogues_text, at_least_one_submission_authorized, submission_exists = makeCataloguesTable(
                    req, ln=CFG_SITE_LANG)
                if not at_least_one_submission_authorized and submission_exists:

                    if isGuestUser(uid):
                        return redirect_to_url(
                            req,
                            "%s/youraccount/login%s" %
                            (CFG_SITE_SECURE_URL,
                             make_canonical_urlargd(
                                 {
                                     'referer':
                                     CFG_SITE_SECURE_URL + req.unparsed_uri,
                                     'ln': args['ln']
                                 }, {})),
                            norobot=True)
                    else:

                        return page_not_authorized(req,
                                                   "../submit",
                                                   uid=uid,
                                                   navmenuid='submit')
                return home(req, catalogues_text, c, ln)
            elif act == "":
                return action(req, c, ln, doctype)
            elif int(step) == 0:
                return interface(req, c, ln, doctype, act, startPg, access,
                                 mainmenu, fromdir, nextPg, nbPg, curpage)
            else:
                return endaction(req, c, ln, doctype, act, startPg, access,
                                 mainmenu, fromdir, nextPg, nbPg, curpage,
                                 step, mode)
    def managedocfilesasync(self, req, form):
        "Upload file and returns upload interface"

        argd = wash_urlargd(
            form, {
                'ln': (str, ''),
                'recid': (int, 1),
                'doctype': (str, ''),
                'access': (str, ''),
                'indir': (str, ''),
            })

        user_info = collect_user_info(req)
        include_headers = False
        # User submitted either through WebSubmit, or admin interface.
        if form.has_key('doctype') and form.has_key('indir') \
               and form.has_key('access'):
            # Submitted through WebSubmit. Check rights
            include_headers = True
            working_dir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'],
                                       argd['doctype'], argd['access'])
            try:
                assert (working_dir == os.path.abspath(working_dir))
            except AssertionError:
                raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)
            try:
                # Retrieve recid from working_dir, safer.
                recid_fd = file(os.path.join(working_dir, 'SN'))
                recid = int(recid_fd.read())
                recid_fd.close()
            except:
                recid = ""
            try:
                act_fd = file(os.path.join(working_dir, 'act'))
                action = act_fd.read()
                act_fd.close()
            except:
                action = ""

            # Is user authorized to perform this action?
            auth_code = acc_authorize_action(
                user_info,
                "submit",
                authorized_if_no_roles=not isGuestUser(getUid(req)),
                doctype=argd['doctype'],
                act=action)[0]
            if auth_code and not acc_is_role(
                    "submit", doctype=argd['doctype'], act=action):
                # There is NO authorization plugged. User should have access
                auth_code = 0
        else:
            # User must be allowed to attach files
            auth_code = acc_authorize_action(user_info, 'runbibdocfile')[0]
            recid = argd['recid']

        if auth_code:
            raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)

        return create_file_upload_interface(recid=recid,
                                            ln=argd['ln'],
                                            print_outside_form_tag=False,
                                            print_envelope=False,
                                            form=form,
                                            include_headers=include_headers,
                                            sbm_indir=argd['indir'],
                                            sbm_access=argd['access'],
                                            sbm_doctype=argd['doctype'],
                                            uid=user_info['uid'])[1]
            # Retrieve user information. We cannot rely on the session here.
            res = run_sql("SELECT uid FROM session WHERE session_key=%s", (argd['session_id'],))
            if len(res):
                uid = res[0][0]
                user_info = collect_user_info(uid)
                try:
                    act_fd = file(os.path.join(curdir, 'act'))
                    action = act_fd.read()
                    act_fd.close()
                except:
                    act = ""

        # Is user authorized to perform this action?
        (auth_code, auth_message) = acc_authorize_action(uid, "submit",
                                                         authorized_if_no_roles=not isGuestUser(uid),
                                                         verbose=0,
                                                         doctype=argd['doctype'],
                                                         act=action)
        if acc_is_role("submit", doctype=argd['doctype'], act=action) and auth_code != 0:
            # User cannot submit
            raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)
        else:
            # Process the upload and get the response
            json_response = {}
            for key, formfields in form.items():
                filename = key.replace("[]", "")
                if hasattr(formfields, "filename") and formfields.filename:
                    dir_to_open = os.path.abspath(os.path.join(curdir,
                                                               'files',
                                                               str(user_info['uid']),
Beispiel #32
0
    def _handler(req):
        """ This handler is invoked by mod_python with the apache request."""
        allowed_methods = ("GET", "POST", "HEAD", "OPTIONS", "PUT")
        req.allow_methods(allowed_methods, 1)
        if req.method not in allowed_methods:
            raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED

        if req.method == 'OPTIONS':
            ## OPTIONS is used to now which method are allowed
            req.headers_out['Allow'] = ', '.join(allowed_methods)
            req.headers_out['Access-Control-Allow-Origin'] = '*'
            raise apache.SERVER_RETURN, apache.OK

        # Set user agent for fckeditor.py, which needs it here
        os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '')

        # Check if REST authentication can be performed
        if req.args:
            args = cgi.parse_qs(req.args)
            if 'apikey' in args and req.is_https():
                uid = web_api_key.acc_get_uid_from_request(req.uri, req.args)
                if uid < 0:
                    raise apache.SERVER_RETURN, apache.HTTP_UNAUTHORIZED
                else:
                    setUid(req=req, uid=uid)

        guest_p = isGuestUser(getUid(req), run_on_slave=False)

        uri = req.uri
        if uri == '/':
            path = ['']
        else:
            ## Let's collapse multiple slashes into a single /
            uri = RE_SLASHES.sub('/', uri)
            path = uri[1:].split('/')

        if CFG_ACCESS_CONTROL_LEVEL_SITE > 1:
            ## If the site is under maintainance mode let's return
            ## 503 to casual crawler to avoid having the site being
            ## indexed
            req.status = 503

        g = _RE_BAD_MSIE.search(req.headers_in.get('User-Agent', "MSIE 6.0"))
        bad_msie = g and float(g.group(1)) < 9.0
        if uri.startswith('/yours') or not guest_p:
            ## Private/personalized request should not be cached
            if bad_msie and req.is_https():
                req.headers_out[
                    'Cache-Control'] = 'private, max-age=0, must-revalidate'
            else:
                req.headers_out[
                    'Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate'
                req.headers_out['Pragma'] = 'no-cache'
                req.headers_out['Vary'] = '*'
        elif not (bad_msie and req.is_https()):
            req.headers_out['Cache-Control'] = 'public, max-age=3600'
            req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control'

        try:
            if req.header_only and not RE_SPECIAL_URI.match(req.uri):
                return root._traverse(req, path, True, guest_p)
            else:
                ## bibdocfile have a special treatment for HEAD
                return root._traverse(req, path, False, guest_p)
        except TraversalError:
            raise apache.SERVER_RETURN(apache.HTTP_NOT_FOUND)
        except apache.SERVER_RETURN:
            ## This is one of mod_python way of communicating
            raise
        except IOError, exc:
            if not ('Write failed, client closed connection' in str(exc)
                    or 'request data read error' in str(exc)):
                ## Workaround for considering as false positive exceptions
                ## rised by mod_python when the user close the connection
                ## or in some other rare and not well identified cases.
                register_exception(req=req, alert_admin=True)
                raise
            else:
                raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)
    def remove(self, req, form):

        argd = wash_urlargd(form, {
            'name': (str, None),
            'idq': (int, None),
            'idb': (int, None),
        })

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/remove" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/youralerts/remove%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        # load the right language
        _ = gettext_set_language(argd['ln'])
        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        try:
            html = webalert.perform_remove_alert(argd['name'],
                                                 argd['idq'],
                                                 argd['idb'],
                                                 uid,
                                                 ln=argd['ln'])
        except webalert.AlertError, msg:
            return page(
                title=_("Error"),
                body=webalert_templates.tmpl_errorMsg(ln=argd['ln'],
                                                      error_msg=msg),
                navtrail=
                """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
                % {
                    'sitesecureurl': CFG_SITE_SECURE_URL,
                    'ln': argd['ln'],
                    'account': _("Your Account"),
                },
                description=_("%s Personalize, Set a new alert") %
                CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                keywords=_("%s, personalize") %
                CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
                uid=uid,
                language=argd['ln'],
                req=req,
                lastupdated=__lastupdated__,
                navmenuid='youralerts')
    def display(self, req, form):
        """Display search history page.  A misnomer."""

        argd = wash_urlargd(form, {'p': (str, "n")})

        uid = getUid(req)

        # load the right language
        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/youralerts/display" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="youralerts")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/youralerts/display%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usealerts']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use alerts."))

        if argd['p'] == 'y':
            _title = _("Popular Searches")
        else:
            _title = _("Your Searches")

        # register event in webstat
        if user_info['email']:
            user_str = "%s (%d)" % (user_info['email'], user_info['uid'])
        else:
            user_str = ""
        try:
            register_customevent("alerts", ["display", "", user_str])
        except:
            register_exception(
                suffix=
                "Do the webstat tables exists? Try with 'webstatadmin --load-config'"
            )

        return page(
            title=_title,
            body=webalert.perform_display(argd['p'], uid, ln=argd['ln']),
            navtrail=
            """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>"""
            % {
                'sitesecureurl': CFG_SITE_SECURE_URL,
                'ln': argd['ln'],
                'account': _("Your Account"),
            },
            description=_("%s Personalize, Display searches") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            keywords=_("%s, personalize") %
            CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME),
            uid=uid,
            language=argd['ln'],
            req=req,
            lastupdated=__lastupdated__,
            navmenuid='youralerts',
            secure_page_p=1)
Beispiel #35
0
    def direct(self, req, form):
        """Directly redirected to an initialized submission."""
        args = wash_urlargd(form, {'sub': (str, ''), 'access': (str, '')})

        sub = args['sub']
        access = args['access']
        ln = args['ln']

        _ = gettext_set_language(ln)

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req,
                                       "direct",
                                       navmenuid='submit',
                                       text=_("Submissions are not available"))

        myQuery = req.args
        if not sub:
            return warning_page(_("Sorry, 'sub' parameter missing..."),
                                req,
                                ln=ln)
        res = run_sql(
            "SELECT docname,actname FROM sbmIMPLEMENT WHERE subname=%s",
            (sub, ))
        if not res:
            return warning_page(_("Sorry. Cannot analyse parameter"),
                                req,
                                ln=ln)
        else:
            # get document type
            doctype = res[0][0]
            # get action name
            action = res[0][1]
            # get category
            categ = req.form.get('combo%s' % doctype, '*')
        # retrieve other parameter values
        params = dict(form)

        # Check if user is authorized, based on doctype/action/categ,
        # in order to give guest users a chance to log in if needed:
        (auth_code, auth_message) = acc_authorize_action(
            req,
            'submit',
            authorized_if_no_roles=not isGuestUser(uid),
            verbose=0,
            doctype=doctype,
            act=action,
            categ=categ)
        if not auth_code == 0 and isGuestUser(uid):
            # Propose to login
            redirection_params = params
            redirection_params[
                'referer'] = CFG_SITE_SECURE_URL + req.unparsed_uri
            return redirect_to_url(
                req,
                "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(redirection_params, {})),
                norobot=True)
        # else: continue, and let main interface control the access

        # find existing access number
        if not access:
            # create 'unique' access number
            pid = os.getpid()
            now = time.time()
            access = "%i_%s" % (now, pid)
        # retrieve 'dir' value
        res = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s",
                      (action, ))
        dir = res[0][0]

        mainmenu = req.headers_in.get('referer')

        params['access'] = access
        params['act'] = action
        params['doctype'] = doctype
        params['startPg'] = '1'
        params['mainmenu'] = mainmenu
        params['ln'] = ln
        params['indir'] = dir

        url = "%s/submit?%s" % (CFG_SITE_SECURE_URL, urlencode(params))
        redirect_to_url(req, url)
Beispiel #36
0
                          (argd['session_id'], ))
            if len(res):
                uid = res[0][0]
                user_info = collect_user_info(uid)
                try:
                    act_fd = file(os.path.join(curdir, 'act'))
                    action = act_fd.read()
                    act_fd.close()
                except:
                    act = ""

        # Is user authorized to perform this action?
        (auth_code, auth_message) = acc_authorize_action(
            uid,
            "submit",
            authorized_if_no_roles=not isGuestUser(uid),
            verbose=0,
            doctype=argd['doctype'],
            act=action)
        if acc_is_role("submit", doctype=argd['doctype'],
                       act=action) and auth_code != 0:
            # User cannot submit
            raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)
        else:
            # Process the upload and get the response
            json_response = {}
            for key, formfields in form.items():
                filename = key.replace("[]", "")
                if hasattr(formfields, "filename") and formfields.filename:
                    dir_to_open = os.path.abspath(
                        os.path.join(curdir, 'files', str(user_info['uid']),
Beispiel #37
0
    def _handler(req):
        """ This handler is invoked by mod_python with the apache request."""
        try:
            allowed_methods = ("GET", "POST", "HEAD", "OPTIONS")
            req.allow_methods(allowed_methods, 1)
            if req.method not in allowed_methods:
                raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED

            if req.method == 'OPTIONS':
                ## OPTIONS is used to now which method are allowed
                req.headers_out['Allow'] = ', '.join(allowed_methods)
                raise apache.SERVER_RETURN, apache.OK

            # Set user agent for fckeditor.py, which needs it here
            os.environ["HTTP_USER_AGENT"] = req.headers_in.get(
                'User-Agent', '')

            guest_p = isGuestUser(getUid(req))

            uri = req.uri
            if uri == '/':
                path = ['']
            else:
                ## Let's collapse multiple slashes into a single /
                uri = RE_SLASHES.sub('/', uri)
                path = uri[1:].split('/')

            if uri.startswith('/yours') or not guest_p:
                ## Private/personalized request should not be cached
                req.headers_out[
                    'Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate'
                req.headers_out['Pragma'] = 'no-cache'
                req.headers_out['Vary'] = '*'
            else:
                req.headers_out['Cache-Control'] = 'public, max-age=3600'
                req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control'

            try:
                if req.header_only and not RE_SPECIAL_URI.match(req.uri):
                    return root._traverse(req, path, True, guest_p)
                else:
                    ## bibdocfile have a special treatment for HEAD
                    return root._traverse(req, path, False, guest_p)
            except TraversalError:
                raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
            except apache.SERVER_RETURN:
                ## This is one of mod_python way of communicating
                raise
            except IOError, exc:
                if 'Write failed, client closed connection' not in "%s" % exc:
                    ## Workaround for considering as false positive exceptions
                    ## rised by mod_python when the user close the connection
                    ## or in some other rare and not well identified cases.
                    register_exception(req=req, alert_admin=True)
                raise
            except Exception:
                # send the error message, much more convenient than log hunting
                if remote_debugger:
                    args = {}
                    if req.args:
                        args = cgi.parse_qs(req.args)
                        if 'debug' in args:
                            remote_debugger.error_msg(args['debug'])
                register_exception(req=req, alert_admin=True)
                raise

            # Serve an error by default.
            raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
Beispiel #38
0
    def upload_video(self, req, form):
        """
        A clone of uploadfile but for (large) videos.
        Does not copy the uploaded file to the websubmit directory.
        Instead, the path to the file is stored inside the submission directory.
        """
        def gcd(a, b):
            """ the euclidean algorithm """
            while a:
                a, b = b % a, a
            return b

        from invenio.bibencode_extract import extract_frames
        from invenio.bibencode_config import CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_DIR, CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_FNAME
        from invenio.bibencode_encode import determine_aspect
        from invenio.bibencode_utils import probe
        from invenio.bibencode_metadata import ffprobe_metadata
        from invenio.websubmit_config import CFG_WEBSUBMIT_TMP_VIDEO_PREFIX

        argd = wash_urlargd(
            form, {
                'doctype': (str, ''),
                'access': (str, ''),
                'indir': (str, ''),
                'session_id': (str, ''),
                'rename': (str, ''),
            })

        curdir = None
        if not form.has_key("indir") or \
               not form.has_key("doctype") or \
               not form.has_key("access"):
            raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)
        else:
            curdir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'],
                                  argd['doctype'], argd['access'])

        user_info = collect_user_info(req)
        if form.has_key("session_id"):
            # Are we uploading using Flash, which does not transmit
            # cookie? The expect to receive session_id as a form
            # parameter.  First check that IP addresses do not
            # mismatch.

            uid = session.uid
            user_info = collect_user_info(uid)
            try:
                act_fd = file(os.path.join(curdir, 'act'))
                action = act_fd.read()
                act_fd.close()
            except:
                act = ""

        # Is user authorized to perform this action?
        (auth_code, auth_message) = acc_authorize_action(
            uid,
            "submit",
            authorized_if_no_roles=not isGuestUser(uid),
            verbose=0,
            doctype=argd['doctype'],
            act=action)
        if acc_is_role("submit", doctype=argd['doctype'],
                       act=action) and auth_code != 0:
            # User cannot submit
            raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)
        else:
            # Process the upload and get the response
            json_response = {}
            for key, formfields in form.items():
                filename = key.replace("[]", "")
                if hasattr(formfields, "filename") and formfields.filename:
                    dir_to_open = os.path.abspath(
                        os.path.join(curdir, 'files', str(user_info['uid']),
                                     key))
                    try:
                        assert (
                            dir_to_open.startswith(CFG_WEBSUBMIT_STORAGEDIR))
                    except AssertionError:
                        register_exception(req=req,
                                           prefix='curdir="%s", key="%s"' %
                                           (curdir, key))
                        raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN)

                    if not os.path.exists(dir_to_open):
                        try:
                            os.makedirs(dir_to_open)
                        except OSError, e:
                            if e.errno != errno.EEXIST:
                                # If the issue is only that directory
                                # already exists, then continue, else
                                # report
                                register_exception(req=req, alert_admin=True)
                                raise apache.SERVER_RETURN(
                                    apache.HTTP_FORBIDDEN)

                    filename = formfields.filename
                    ## Before saving the file to disc, wash the filename (in particular
                    ## washing away UNIX and Windows (e.g. DFS) paths):
                    filename = os.path.basename(filename.split('\\')[-1])
                    filename = filename.strip()
                    if filename != "":
                        # Check that file does not already exist
                        while os.path.exists(
                                os.path.join(dir_to_open, filename)):
                            #dirname, basename, extension = decompose_file(new_destination_path)
                            basedir, name, extension = decompose_file(filename)
                            new_name = propose_next_docname(name)
                            filename = new_name + extension

                        #-------------#
                        # VIDEO STUFF #
                        #-------------#

                        ## Remove all previous uploads
                        filelist = os.listdir(
                            os.path.split(formfields.file.name)[0])
                        for afile in filelist:
                            if argd['access'] in afile:
                                os.remove(
                                    os.path.join(
                                        os.path.split(formfields.file.name)[0],
                                        afile))

                        ## Check if the file is a readable video
                        ## We must exclude all image and audio formats that are readable by ffprobe
                        if (os.path.splitext(filename)[1] in [
                                'jpg', 'jpeg', 'gif', 'tiff', 'bmp', 'png',
                                'tga', 'jp2', 'j2k', 'jpf', 'jpm', 'mj2',
                                'biff', 'cgm', 'exif', 'img', 'mng', 'pic',
                                'pict', 'raw', 'wmf', 'jpe', 'jif', 'jfif',
                                'jfi', 'tif', 'webp', 'svg', 'ai', 'ps', 'psd',
                                'wav', 'mp3', 'pcm', 'aiff', 'au', 'flac',
                                'wma', 'm4a', 'wv', 'oga', 'm4a', 'm4b', 'm4p',
                                'm4r', 'aac', 'mp4', 'vox', 'amr', 'snd'
                        ] or not probe(formfields.file.name)):
                            formfields.file.close()
                            raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN)

                        ## We have no "delete" attribute in Python 2.4
                        if sys.hexversion < 0x2050000:
                            ## We need to rename first and create a dummy file
                            ## Rename the temporary file for the garbage collector
                            new_tmp_fullpath = os.path.split(
                                formfields.file.name
                            )[0] + "/" + CFG_WEBSUBMIT_TMP_VIDEO_PREFIX + argd[
                                'access'] + "_" + os.path.split(
                                    formfields.file.name)[1]
                            os.rename(formfields.file.name, new_tmp_fullpath)
                            dummy = open(formfields.file.name, "w")
                            dummy.close()
                            formfields.file.close()
                        else:
                            # Mark the NamedTemporatyFile as not to be deleted
                            formfields.file.delete = False
                            formfields.file.close()
                            ## Rename the temporary file for the garbage collector
                            new_tmp_fullpath = os.path.split(
                                formfields.file.name
                            )[0] + "/" + CFG_WEBSUBMIT_TMP_VIDEO_PREFIX + argd[
                                'access'] + "_" + os.path.split(
                                    formfields.file.name)[1]
                            os.rename(formfields.file.name, new_tmp_fullpath)

                        # Write the path to the temp file to a file in STORAGEDIR
                        fp = open(os.path.join(dir_to_open, "filepath"), "w")
                        fp.write(new_tmp_fullpath)
                        fp.close()

                        fp = open(os.path.join(dir_to_open, "filename"), "w")
                        fp.write(filename)
                        fp.close()

                        ## We are going to extract some thumbnails for websubmit ##
                        sample_dir = os.path.join(
                            curdir, 'files', str(user_info['uid']),
                            CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_DIR)
                        try:
                            ## Remove old thumbnails
                            shutil.rmtree(sample_dir)
                        except OSError:
                            register_exception(req=req, alert_admin=False)
                        try:
                            os.makedirs(
                                os.path.join(curdir, 'files',
                                             str(user_info['uid']),
                                             sample_dir))
                        except OSError:
                            register_exception(req=req, alert_admin=False)
                        try:
                            extract_frames(
                                input_file=new_tmp_fullpath,
                                output_file=os.path.join(
                                    sample_dir,
                                    CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_FNAME
                                ),
                                size="600x600",
                                numberof=5)
                            json_response['frames'] = []
                            for extracted_frame in os.listdir(sample_dir):
                                json_response['frames'].append(extracted_frame)
                        except:
                            ## If the frame extraction fails, something was bad with the video
                            os.remove(new_tmp_fullpath)
                            register_exception(req=req, alert_admin=False)
                            raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN)

                        ## Try to detect the aspect. if this fails, the video is not readable
                        ## or a wrong file might have been uploaded
                        try:
                            (aspect, width,
                             height) = determine_aspect(new_tmp_fullpath)
                            if aspect:
                                aspx, aspy = aspect.split(':')
                            else:
                                the_gcd = gcd(width, height)
                                aspx = str(width / the_gcd)
                                aspy = str(height / the_gcd)
                            json_response['aspx'] = aspx
                            json_response['aspy'] = aspy
                        except TypeError:
                            ## If the aspect detection completely fails
                            os.remove(new_tmp_fullpath)
                            register_exception(req=req, alert_admin=False)
                            raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN)

                        ## Try to extract some metadata from the video container
                        metadata = ffprobe_metadata(new_tmp_fullpath)
                        json_response['meta_title'] = metadata['format'].get(
                            'TAG:title')
                        json_response['meta_description'] = metadata[
                            'format'].get('TAG:description')
                        json_response['meta_year'] = metadata['format'].get(
                            'TAG:year')
                        json_response['meta_author'] = metadata['format'].get(
                            'TAG:author')
                    ## Empty file name
                    else:
                        raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)
                    ## We found our file, we can break the loop
                    break

            # Send our response
            if CFG_JSON_AVAILABLE:

                dumped_response = json.dumps(json_response)

                # store the response in the websubmit directory
                # this is needed if the submission is not finished and continued later
                response_dir = os.path.join(curdir, 'files',
                                            str(user_info['uid']), "response")
                try:
                    os.makedirs(response_dir)
                except OSError:
                    # register_exception(req=req, alert_admin=False)
                    pass
                fp = open(os.path.join(response_dir, "response"), "w")
                fp.write(dumped_response)
                fp.close()

                return dumped_response
Beispiel #39
0
    def uploadfile(self, req, form):
        """
        Similar to /submit, but only consider files. Nice for
        asynchronous Javascript uploads. Should be used to upload a
        single file.

        Also try to create an icon, and return URL to file(s) + icon(s)

        Authentication is performed based on session ID passed as
        parameter instead of cookie-based authentication, due to the
        use of this URL by the Flash plugin (to upload multiple files
        at once), which does not route cookies.

        FIXME: consider adding /deletefile and /modifyfile functions +
        parsing of additional parameters to rename files, add
        comments, restrictions, etc.
        """
        argd = wash_urlargd(
            form, {
                'doctype': (str, ''),
                'access': (str, ''),
                'indir': (str, ''),
                'session_id': (str, ''),
                'rename': (str, ''),
            })

        curdir = None
        if not form.has_key("indir") or \
               not form.has_key("doctype") or \
               not form.has_key("access"):
            raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)
        else:
            curdir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'],
                                  argd['doctype'], argd['access'])

        user_info = collect_user_info(req)
        if form.has_key("session_id"):
            # Are we uploading using Flash, which does not transmit
            # cookie? The expect to receive session_id as a form
            # parameter.  First check that IP addresses do not
            # mismatch.

            uid = session.uid
            user_info = collect_user_info(uid)
            try:
                act_fd = file(os.path.join(curdir, 'act'))
                action = act_fd.read()
                act_fd.close()
            except:
                action = ""

        # Is user authorized to perform this action?
        (auth_code, auth_message) = acc_authorize_action(
            uid,
            "submit",
            authorized_if_no_roles=not isGuestUser(uid),
            verbose=0,
            doctype=argd['doctype'],
            act=action)
        if acc_is_role("submit", doctype=argd['doctype'],
                       act=action) and auth_code != 0:
            # User cannot submit
            raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED)
        else:
            # Process the upload and get the response
            added_files = {}
            for key, formfields in form.items():
                filename = key.replace("[]", "")
                file_to_open = os.path.join(curdir, filename)
                if hasattr(formfields, "filename") and formfields.filename:
                    dir_to_open = os.path.abspath(
                        os.path.join(curdir, 'files', str(user_info['uid']),
                                     key))
                    try:
                        assert (
                            dir_to_open.startswith(CFG_WEBSUBMIT_STORAGEDIR))
                    except AssertionError:
                        register_exception(req=req,
                                           prefix='curdir="%s", key="%s"' %
                                           (curdir, key))
                        raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN)

                    if not os.path.exists(dir_to_open):
                        try:
                            os.makedirs(dir_to_open)
                        except OSError, e:
                            if e.errno != errno.EEXIST:
                                # If the issue is only that directory
                                # already exists, then continue, else
                                # report
                                register_exception(req=req, alert_admin=True)
                                raise apache.SERVER_RETURN(
                                    apache.HTTP_FORBIDDEN)

                    filename = formfields.filename
                    ## Before saving the file to disc, wash the filename (in particular
                    ## washing away UNIX and Windows (e.g. DFS) paths):
                    filename = os.path.basename(filename.split('\\')[-1])
                    filename = filename.strip()
                    if filename != "":
                        # Check that file does not already exist
                        n = 1
                        while os.path.exists(
                                os.path.join(dir_to_open, filename)):
                            #dirname, basename, extension = decompose_file(new_destination_path)
                            basedir, name, extension = decompose_file(filename)
                            new_name = propose_next_docname(name)
                            filename = new_name + extension
                        # This may be dangerous if the file size is bigger than the available memory
                        fp = open(os.path.join(dir_to_open, filename), "w")
                        fp.write(formfields.file.read())
                        fp.close()
                        fp = open(os.path.join(curdir, "lastuploadedfile"),
                                  "w")
                        fp.write(filename)
                        fp.close()
                        fp = open(file_to_open, "w")
                        fp.write(filename)
                        fp.close()
                        try:
                            # Create icon
                            (icon_path, icon_name) = create_icon({
                                'input-file':
                                os.path.join(dir_to_open, filename),
                                'icon-name':
                                filename,  # extension stripped automatically
                                'icon-file-format':
                                'gif',
                                'multipage-icon':
                                False,
                                'multipage-icon-delay':
                                100,
                                'icon-scale':
                                "300>",  # Resize only if width > 300
                                'verbosity':
                                0,
                            })

                            icons_dir = os.path.join(
                                os.path.join(curdir, 'icons',
                                             str(user_info['uid']), key))
                            if not os.path.exists(icons_dir):
                                # Create uid/icons dir if needed
                                try:
                                    os.makedirs(icons_dir)
                                except OSError, e:
                                    if e.errno != errno.EEXIST:
                                        # If the issue is only that
                                        # directory already exists,
                                        # then continue, else report
                                        register_exception(req=req,
                                                           alert_admin=True)
                                        raise apache.SERVER_RETURN(
                                            apache.HTTP_FORBIDDEN)
                            os.rename(os.path.join(icon_path, icon_name),
                                      os.path.join(icons_dir, icon_name))
                            added_files[key] = {
                                'name': filename,
                                'iconName': icon_name
                            }
                        except InvenioWebSubmitIconCreatorError, e:
                            # We could not create the icon
                            added_files[key] = {'name': filename}
                            continue
                    else:
    def send(self, req, form):
        """
        Sends the message.

        Possible form keys:
        @param msg_to_user: comma separated usernames.
        @type msg_to_user: string
        @param msg_to_group: comma separated groupnames.
        @type msg_to_group: string
        @param msg_subject: message subject.
        @type msg_subject: string
        @param msg_body: message body.
        @type msg_body: string
        @param msg_send_year: year to send this message on.
        @type msg_send_year: int
        @param_msg_send_month: month to send this message on
        @type msg_send_month: year
        @param_msg_send_day: day to send this message on
        @type msg_send_day: int
        @param results_field: value determining which results field to display.
                              See CFG_WEBMESSAGE_RESULTS_FIELD in
                              webmessage_config.py.
        @param names_to_add: list of usernames to add to
                             msg_to_user / group.
        @type names_to_add: list of strings
        @param search_pattern: will search for users/groups with this pattern.
        @type search_pattern: string
        @param add_values: if 1 users_to_add will be added to msg_to_user
                           field.
        @type add_values: int
        @param *button: which button was pressed.
        @param ln: language.
        @type ln: string
        @return: body.
        """
        argd = wash_urlargd(form, {'msg_to_user': (str, ""),
                                   'msg_to_group': (str, ""),
                                   'msg_subject': (str, ""),
                                   'msg_body': (str, ""),
                                   'msg_send_year': (int, 0),
                                   'msg_send_month': (int, 0),
                                   'msg_send_day': (int, 0),
                                   'results_field': (str,
                                        CFG_WEBMESSAGE_RESULTS_FIELD['NONE']),
                                   'names_selected': (list, []),
                                   'search_pattern': (str, ""),
                                   'send_button': (str, ""),
                                   'search_user': (str, ""),
                                   'search_group': (str, ""),
                                   'add_user': (str, ""),
                                   'add_group': (str, ""),
                                   })
        # Check if user is logged
        uid = getUid(req)
        _ = gettext_set_language(argd['ln'])
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/send" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd({
                    'referer' : "%s/yourmessages/send%s" % (
                        CFG_SITE_URL,
                        make_canonical_urlargd(argd, {})),
                    "ln" : argd['ln']}, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        if argd['send_button']:
            (body, title, navtrail) = perform_request_send(
                            uid=uid,
                            msg_to_user=argd['msg_to_user'],
                            msg_to_group=argd['msg_to_group'],
                            msg_subject=escape_html(argd['msg_subject']),
                            msg_body=escape_email_quoted_text(argd['msg_body']),
                            msg_send_year=argd['msg_send_year'],
                            msg_send_month=argd['msg_send_month'],
                            msg_send_day=argd['msg_send_day'],
                            ln=argd['ln'])
        else:
            title = _('Write a message')
            navtrail = get_navtrail(argd['ln'], title)
            if argd['search_user']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER']
            elif argd['search_group']:
                argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP']
            add_values = 0
            if argd['add_group'] or argd['add_user']:
                add_values = 1
            body = perform_request_write_with_search(
                            uid=uid,
                            msg_to_user=argd['msg_to_user'],
                            msg_to_group=argd['msg_to_group'],
                            msg_subject=escape_html(argd['msg_subject']),
                            msg_body=escape_email_quoted_text(argd['msg_body']),
                            msg_send_year=argd['msg_send_year'],
                            msg_send_month=argd['msg_send_month'],
                            msg_send_day=argd['msg_send_day'],
                            names_selected=argd['names_selected'],
                            search_pattern=argd['search_pattern'],
                            results_field=argd['results_field'],
                            add_values=add_values,
                            ln=argd['ln'])
        return page(title       = title,
                    body        = body,
                    navtrail    = navtrail,
                    uid         = uid,
                    lastupdated = __lastupdated__,
                    req         = req,
                    language    = argd['ln'],
                    navmenuid   = "yourmessages",
                    secure_page_p=1)
Beispiel #41
0
def page(title,
         body,
         navtrail="",
         description="",
         keywords="",
         metaheaderadd="",
         uid=None,
         cdspageheaderadd="",
         cdspageboxlefttopadd="",
         cdspageboxleftbottomadd="",
         cdspageboxrighttopadd="",
         cdspageboxrightbottomadd="",
         cdspagefooteradd="",
         lastupdated="",
         language=CFG_SITE_LANG,
         verbose=1,
         titleprologue="",
         titleepilogue="",
         secure_page_p=0,
         req=None,
         errors=[],
         warnings=[],
         navmenuid="admin",
         navtrail_append_title_p=1,
         of="",
         rssurl=CFG_SITE_URL + "/rss",
         show_title_p=True,
         body_css_classes=None):
    """page(): display CDS web page
        input: title of the page
               body of the page in html format
               description goes to the metadata in the header of the HTML page
               keywords goes to the metadata in the header of the html page
               metaheaderadd goes to further metadata in the header of the html page
               cdspageheaderadd is a message to be displayed just under the page header
               cdspageboxlefttopadd is a message to be displayed in the page body on left top
               cdspageboxleftbottomadd is a message to be displayed in the page body on left bottom
               cdspageboxrighttopadd is a message to be displayed in the page body on right top
               cdspageboxrightbottomadd is a message to be displayed in the page body on right bottom
               cdspagefooteradd is a message to be displayed on the top of the page footer
               lastupdated is a text containing the info on last update (optional)
               language is the language version of the page
               verbose is verbosity of the page (useful for debugging)
               titleprologue is to be printed right before page title
               titleepilogue is to be printed right after page title
               req is the mod_python request object
               errors is the list of error codes as defined in the moduleName_config.py file of the calling module
               log is the string of data that should be appended to the log file (errors automatically logged)
               secure_page_p is 0 or 1 and tells whether we are to use HTTPS friendly page elements or not
               navmenuid the section of the website this page belongs (search, submit, baskets, etc.)
               navtrail_append_title_p is 0 or 1 and tells whether page title is appended to navtrail
               of is an output format (use xx for xml output (e.g. AJAX))
               rssfeed is the url of the RSS feed for this page
               show_title_p is 0 or 1 and tells whether page title should be displayed in body of the page
       output: the final cds page with header, footer, etc.
    """

    _ = gettext_set_language(language)
    if req and uid is None:
        uid = getUid(req)
        if CFG_EXTERNAL_AUTH_USING_SSO and not isGuestUser(uid):
            ## If the user is logged in and we are using SSO
            ## this trick will keep the SSO session alive
            ## (SSO session need an https connection)
            body += """<img src="%s/img/keep_sso_connection_alive.gif"
                    alt=" " width="0" height="0"
                    style="visibility : hidden;" />""" % CFG_SITE_SECURE_URL
    elif uid is None:
        ## 0 means generic guest user.
        uid = 0
    if of == 'xx':
        #xml output (e.g. AJAX calls) => of=xx
        req.content_type = 'text/xml'
        impl = getDOMImplementation()
        output = impl.createDocument(None, "invenio-message", None)
        root = output.documentElement
        body_node = output.createElement('body')
        body_text = output.createCDATASection(unicode(body, 'utf_8'))
        body_node.appendChild(body_text)
        root.appendChild(body_node)
        if errors:
            errors_node = output.createElement('errors')
            errors = get_msgs_for_code_list(errors, 'error', language)
            register_errors(errors, 'error', req)
            for (error_code, error_msg) in errors:
                error_node = output.createElement('error')
                error_node.setAttribute('code', error_code)
                error_text = output.createTextNode(error_msg)
                error_node.appendChild(error_text)
                errors_node.appendChild(error_node)
            root.appendChild(errors_node)
        if warnings:
            warnings_node = output.createElement('warnings')
            warnings = get_msgs_for_code_list(warnings, 'warning', language)
            register_errors(warnings, 'warning')
            for (warning_code, warning_msg) in warnings:
                warning_node = output.createElement('warning')
                warning_node.setAttribute('code', warning_code)
                warning_text = output.createTextNode(warning_msg)
                warning_node.appendChild(warning_text)
                warnings_node.appendChild(warning_node)
            root.appendChild(warnings_node)
        return output.toprettyxml(encoding="utf-8")

    else:
        #usual output
        # if there are event
        if warnings:
            warnings = get_msgs_for_code_list(warnings, 'warning', language)
            register_errors(warnings, 'warning')

        # if there are errors
        if errors:
            errors = get_msgs_for_code_list(errors, 'error', language)
            register_errors(errors, 'error', req)
            body = create_error_box(req, errors=errors, ln=language)

        return webstyle_templates.tmpl_page(req, ln=language,
                          description = description,
                          keywords = keywords,
                          metaheaderadd = metaheaderadd,
                          userinfobox = create_userinfobox_body(req, uid, language),
                          useractivities_menu = create_useractivities_menu(req, uid, navmenuid, language),
                          adminactivities_menu = create_adminactivities_menu(req, uid, navmenuid, language),
                          navtrailbox = create_navtrailbox_body(navtrail_append_title_p \
                                                                and title or '',
                                                                navtrail,
                                                                language=language),
                          uid = uid,
                          secure_page_p = secure_page_p,
                          pageheaderadd = cdspageheaderadd,
                          boxlefttop = CFG_WEBSTYLE_CDSPAGEBOXLEFTTOP,
                          boxlefttopadd = cdspageboxlefttopadd,
                          boxleftbottomadd = cdspageboxleftbottomadd,
                          boxleftbottom = CFG_WEBSTYLE_CDSPAGEBOXLEFTBOTTOM,
                          boxrighttop = CFG_WEBSTYLE_CDSPAGEBOXRIGHTTOP,
                          boxrighttopadd = cdspageboxrighttopadd,
                          boxrightbottomadd = cdspageboxrightbottomadd,
                          boxrightbottom = CFG_WEBSTYLE_CDSPAGEBOXRIGHTBOTTOM,
                          titleprologue = titleprologue,
                          title = title,
                          titleepilogue = titleepilogue,
                          body = body,
                          lastupdated = lastupdated,
                          pagefooteradd = cdspagefooteradd,
                          navmenuid = navmenuid,
                          rssurl = rssurl,
                          show_title_p = show_title_p,
                          body_css_classes=body_css_classes)
    def write(self, req, form):
        """ write(): interface for message composing
        @param msg_reply_id: if this message is a reply to another, id of the
                             other
        @param msg_to: if this message is not a reply, nickname of the user it
                       must be delivered to.
        @param msg_to_group: name of group to send message to
        @param ln: language
        @return: the compose page
        """
        argd = wash_urlargd(
            form, {
                'msg_reply_id': (int, 0),
                'msg_to': (str, ""),
                'msg_to_group': (str, ""),
                'msg_subject': (str, ""),
                'msg_body': (str, "")
            })

        # Check if user is logged
        uid = getUid(req)

        _ = gettext_set_language(argd['ln'])

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/yourmessages/write" % \
                                             (CFG_SITE_URL,),
                                       navmenuid="yourmessages")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req, "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/yourmessages/write%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})))

        user_info = collect_user_info(req)
        if not user_info['precached_usemessages']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use messages."))

        # Request the composing page
        body = perform_request_write(uid=uid,
                                     msg_reply_id=argd['msg_reply_id'],
                                     msg_to=argd['msg_to'],
                                     msg_to_group=argd['msg_to_group'],
                                     msg_subject=argd['msg_subject'],
                                     msg_body=argd['msg_body'],
                                     ln=argd['ln'])
        title = _("Write a message")

        return page(title=title,
                    body=body,
                    navtrail=get_navtrail(argd['ln'], title),
                    uid=uid,
                    lastupdated=__lastupdated__,
                    req=req,
                    language=argd['ln'],
                    navmenuid="yourmessages",
                    secure_page_p=1)
    def answer(self, req, user_info, of, cc, colls_to_search, p, f,
               search_units, ln):
        """
        Answer question given by context.

        Return (relevance, html_string) where relevance is integer
        from 0 to 100 indicating how relevant to the question the
        answer is (see C{CFG_WEBSEARCH_SERVICE_MAX_SERVICE_ANSWER_RELEVANCE} for details) ,
        and html_string being a formatted answer.
        """
        _ = gettext_set_language(ln)
        if f or (CFG_WEBSEARCH_COLLECTION_NAMES_SEARCH < 0) or \
               (CFG_WEBSEARCH_COLLECTION_NAMES_SEARCH == 0 and cc != CFG_SITE_NAME):
            return (0, '')

        words = [
            stem(unit[1].lower(), CFG_SITE_LANG) for unit in search_units
            if unit[2] == ''
        ]

        if not words:
            return (0, '')

        cache = self.get_data_cache()

        # TODO: If all categories of a submission match, display only submission (not categories)

        matching_submissions = {}

        for word in words:
            # Look for submission names
            if CFG_CERN_SITE and word == 'cern':
                # This keyword is useless here...
                continue

            submissions = cache.get(word, [])
            for doctype, submission_label, category in submissions:
                if acc_authorize_action(req, 'submit', \
                                        authorized_if_no_roles=not isGuestUser(user_info['uid']), \
                                        doctype=(CFG_CERN_SITE and doctype.startswith('GENSBM#') and 'GENSBM') or doctype,
                                        categ=category)[0] != 0:
                    # Not authorized to submit in this submission
                    continue

                if not matching_submissions.has_key(
                    (doctype, submission_label)):
                    matching_submissions[(doctype, submission_label)] = 0
                add_score = 1
                if category != '*':
                    # This is the submission category, consider that
                    # words that are part of the submission name are
                    # less important than others here:
                    if not word.lower() in category.lower():
                        # word is only in submission name
                        add_score = 0.5
                    else:
                        add_score = 1.5

                matching_submissions[(doctype, submission_label)] += add_score

        matching_submissions_sorted = sorted(matching_submissions.iteritems(),
                                             key=lambda (k, v): (v, k),
                                             reverse=True)
        if not matching_submissions_sorted:
            return (0, '')
        best_score = matching_submissions_sorted[0][1]
        max_score_difference = 1.9

        matching_submissions_names = [(submission_label, \
                                       CFG_SITE_URL + '/submit?doctype=' + doctype.split("#", 1)[0] + '&ln=' + ln + (CFG_CERN_SITE and doctype.startswith('GENSBM#') and '#' + doctype.split("#", 1)[-1] or '') ) \
                                      for (doctype, submission_label), score in matching_submissions_sorted if score > best_score - max_score_difference]

        best_sbm_words = whitespace_re.split(
            matching_submissions_sorted[0][0][1])

        score_bonus = (((_("Submit").lower() in words) or ("submit" in words)) or \
                       ((_("Revise").lower() in words) or ("revise" in words)) or \
                       ((_("Modify").lower() in words) or ("modify" in words))) and 40 or 0
        relevance = min(
            100,
            max(0, (score_bonus + (100 * float(best_score) /
                                   float(len(best_sbm_words) + len(words)))) -
                10))

        return (relevance,
                self.display_answer_helper(matching_submissions_names, ln))
    def direct(self, req, form):
        """Directly redirected to an initialized submission."""
        args = wash_urlargd(form, {'sub': (str, ''),
                                   'access' : (str, '')})

        sub = args['sub']
        access = args['access']
        ln = args['ln']

        _ = gettext_set_language(ln)

        uid = getUid(req)

        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "direct",
                                       navmenuid='submit',
                                       text=_("Submissions are not available"))

        myQuery = req.args
        if not sub:
            return warning_page(_("Sorry, 'sub' parameter missing..."), req, ln=ln)
        res = run_sql("SELECT docname,actname FROM sbmIMPLEMENT WHERE subname=%s", (sub,))
        if not res:
            return warning_page(_("Sorry. Cannot analyse parameter"), req, ln=ln)
        else:
            # get document type
            doctype = res[0][0]
            # get action name
            action = res[0][1]
            # get category
            categ = req.form.get('combo%s' % doctype, '*')
        # retrieve other parameter values
        params = dict(form)

        # Check if user is authorized, based on doctype/action/categ,
        # in order to give guest users a chance to log in if needed:
        (auth_code, auth_message) = acc_authorize_action(req, 'submit',
                                                         authorized_if_no_roles=not isGuestUser(uid),
                                                         verbose=0,
                                                         doctype=doctype,
                                                         act=action,
                                                         categ=categ)
        if not auth_code == 0 and isGuestUser(uid):
            # Propose to login
            redirection_params = params
            redirection_params['referer'] = CFG_SITE_SECURE_URL + req.unparsed_uri
            return redirect_to_url(req, "%s/youraccount/login%s" % (
                CFG_SITE_SECURE_URL,
                make_canonical_urlargd(redirection_params, {})),
                                   norobot=True)
        # else: continue, and let main interface control the access

        # find existing access number
        if not access:
            # create 'unique' access number
            pid = os.getpid()
            now = time.time()
            access = "%i_%s" % (now, pid)
        # retrieve 'dir' value
        res = run_sql ("SELECT dir FROM sbmACTION WHERE sactname=%s", (action,))
        dir = res[0][0]

        mainmenu = req.headers_in.get('referer')

        params['access'] = access
        params['act'] = action
        params['doctype'] = doctype
        params['startPg'] = '1'
        params['mainmenu'] = mainmenu
        params['ln'] = ln
        params['indir'] = dir

        url = "%s/submit?%s" % (CFG_SITE_SECURE_URL, urlencode(params))
        redirect_to_url(req, url)
    def ill_register_request_with_recid(self, req, form):
        """
        Register ILL request.
        """

        argd = wash_urlargd(
            form, {
                'ln': (str, ""),
                'period_of_interest_from': (str, ""),
                'period_of_interest_to': (str, ""),
                'additional_comments': (str, ""),
                'conditions': (str, ""),
                'only_edition': (str, ""),
            })

        _ = gettext_set_language(argd['ln'])
        uid = getUid(req)

        body = ill_register_request_with_recid(
            recid=self.recid,
            uid=uid,
            period_of_interest_from=argd['period_of_interest_from'],
            period_of_interest_to=argd['period_of_interest_to'],
            additional_comments=argd['additional_comments'],
            conditions=argd['conditions'],
            only_edition=argd['only_edition'],
            ln=argd['ln'])

        uid = getUid(req)
        if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req,
                                       "../holdings/ill_request_with_recid",
                                       navmenuid='yourbaskets')

        if isGuestUser(uid):
            if not CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS:
                return redirect_to_url(
                    req, "%s/youraccount/login%s" %
                    (CFG_SITE_SECURE_URL,
                     make_canonical_urlargd(
                         {
                             'referer':
                             "%s/record/%s/holdings/ill_request_with_recid%s" %
                             (CFG_SITE_URL, self.recid,
                              make_canonical_urlargd(argd, {})),
                             "ln":
                             argd['ln']
                         }, {})))

        user_info = collect_user_info(req)
        (auth_code,
         auth_msg) = check_user_can_view_record(user_info, self.recid)
        if auth_code and user_info['email'] == 'guest':
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            target = '/youraccount/login' + \
                     make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_URL + user_info['uri']}, {})
            return redirect_to_url(req, target)
        elif auth_code:
            return page_not_authorized(req, "../", \
                text = auth_msg)

        unordered_tabs = get_detailed_page_tabs(get_colID(
            guess_primary_collection_of_a_record(self.recid)),
                                                self.recid,
                                                ln=argd['ln'])
        ordered_tabs_id = [(tab_id, values['order'])
                           for (tab_id, values) in unordered_tabs.iteritems()]
        ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1]))
        link_ln = ''
        if argd['ln'] != CFG_SITE_LANG:
            link_ln = '?ln=%s' % argd['ln']
        tabs = [(unordered_tabs[tab_id]['label'], \
                 '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \
                 tab_id in ['holdings'],
                 unordered_tabs[tab_id]['enabled']) \
                for (tab_id, _order) in ordered_tabs_id
                if unordered_tabs[tab_id]['visible'] == True]
        top = webstyle_templates.detailed_record_container_top(
            self.recid, tabs, argd['ln'])
        bottom = webstyle_templates.detailed_record_container_bottom(
            self.recid, tabs, argd['ln'])

        title = websearch_templates.tmpl_record_page_header_content(
            req, self.recid, argd['ln'])[0]
        navtrail = create_navtrail_links(
            cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln'])
        navtrail += ' &gt; <a class="navtrail" href="%s/record/%s?ln=%s">' % (
            CFG_SITE_URL, self.recid, argd['ln'])
        navtrail += title
        navtrail += '</a>'

        return pageheaderonly(title=title,
                              navtrail=navtrail,
                              uid=uid,
                              verbose=1,
                              req=req,
                              language=argd['ln'],
                              navmenuid='search',
                              navtrail_append_title_p=0) + \
                              websearch_templates.tmpl_search_pagestart(argd['ln']) + \
                              top + body + bottom + \
                              websearch_templates.tmpl_search_pageend(argd['ln']) + \
                              pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
    def add(self, req, form):
        """
        Add a comment (review) to record with id recid where recid>0
        Also works for adding a remark to basket with id recid where recid<-99
        @param ln: languange
        @param recid: record id
        @param action:  'DISPLAY' to display add form
                        'SUBMIT' to submit comment once form is filled
                        'REPLY' to reply to an already existing comment
        @param msg: the body of the comment/review or remark
        @param score: star score of the review
        @param note: title of the review
        @param comid: comment id, needed for replying
        @param editor_type: the type of editor used for submitting the
                            comment: 'textarea', 'fckeditor'.
        @param subscribe: if set, subscribe user to receive email
                          notifications when new comment are added to
                          this discussion
        @return the full html page.
        """
        argd = wash_urlargd(form, {'action': (str, "DISPLAY"),
                                   'msg': (str, ""),
                                   'note': (str, ''),
                                   'score': (int, 0),
                                   'comid': (int, -1),
                                   'editor_type': (str, ""),
                                   'subscribe': (str, ""),
                                   'cookie': (str, "")
                                   })
        _ = gettext_set_language(argd['ln'])

        actions = ['DISPLAY', 'REPLY', 'SUBMIT']
        uid = getUid(req)

        # Is site ready to accept comments?
        if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS):
            return page_not_authorized(req, "../comments/add",
                                       navmenuid='search')

        # Is user allowed to post comment?
        user_info = collect_user_info(req)
        (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid)
        (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid)
        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)})
            # Save user's value in cookie, so that these "POST"
            # parameters are not lost during login process
            msg_cookie = mail_cookie_create_common('comment_msg',
                                                    {'msg': argd['msg'],
                                                     'note': argd['note'],
                                                     'score': argd['score'],
                                                     'editor_type': argd['editor_type'],
                                                     'subscribe': argd['subscribe']},
                                                    onetime=True)
            target = '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {})
            return redirect_to_url(req, target, norobot=True)
        elif (auth_code_1 or auth_code_2):
            return page_not_authorized(req, "../", \
                text = auth_msg_1 + auth_msg_2)

        user_info = collect_user_info(req)
        can_attach_files = False
        (auth_code, auth_msg) = check_user_can_attach_file_to_comments(user_info, self.recid)
        if not auth_code and (user_info['email'] != 'guest' or user_info['apache_user']):
            can_attach_files = True

        warning_msgs = []
        added_files = {}
        if can_attach_files:
            # User is allowed to attach files. Process the files
            file_too_big = False
            formfields = form.get('commentattachment[]', [])
            if not hasattr(formfields, "__getitem__"): # A single file was uploaded
                formfields = [formfields]
            for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]:
                if hasattr(formfield, "filename") and formfield.filename:
                    filename = formfield.filename
                    dir_to_open = os.path.join(CFG_TMPDIR, 'webcomment', str(uid))
                    try:
                        assert(dir_to_open.startswith(CFG_TMPDIR))
                    except AssertionError:
                        register_exception(req=req,
                                           prefix='User #%s tried to upload file to forbidden location: %s' \
                                           % (uid, dir_to_open))

                    if not os.path.exists(dir_to_open):
                        try:
                            os.makedirs(dir_to_open)
                        except:
                            register_exception(req=req, alert_admin=True)

                    ## Before saving the file to disc, wash the filename (in particular
                    ## washing away UNIX and Windows (e.g. DFS) paths):
                    filename = os.path.basename(filename.split('\\')[-1])
                    filename = filename.strip()
                    if filename != "":
                        # Check that file does not already exist
                        n = 1
                        while os.path.exists(os.path.join(dir_to_open, filename)):
                            basedir, name, extension = decompose_file(filename)
                            new_name = propose_next_docname(name)
                            filename = new_name + extension

                        fp = open(os.path.join(dir_to_open, filename), "w")
                        # FIXME: temporary, waiting for wsgi handler to be
                        # fixed. Once done, read chunk by chunk
##                         while formfield.file:
##                             fp.write(formfield.file.read(10240))
                        fp.write(formfield.file.read())
                        fp.close()
                        # Isn't this file too big?
                        file_size = os.path.getsize(os.path.join(dir_to_open, filename))
                        if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \
                               file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE:
                            os.remove(os.path.join(dir_to_open, filename))
                            # One file is too big: record that,
                            # dismiss all uploaded files and re-ask to
                            # upload again
                            file_too_big = True
                            warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB'))
                        else:
                            added_files[filename] = os.path.join(dir_to_open, filename)

            if file_too_big:
                # One file was too big. Removed all uploaded filed
                for filepath in added_files.items():
                    try:
                        os.remove(filepath)
                    except:
                        # File was already removed or does not exist?
                        pass

        client_ip_address = req.remote_ip
        check_warnings = []
        (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd['ln'])
        if ok:
            title, description, keywords = websearch_templates.tmpl_record_page_header_content(req,
                                                                                               self.recid,
                                                                                               argd['ln'])
            navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid))
            if navtrail:
                navtrail += ' &gt; '
            navtrail += '<a class="navtrail" href="%s/record/%s?ln=%s">'% (CFG_SITE_URL, self.recid, argd['ln'])
            navtrail += title
            navtrail += '</a>'
            navtrail += '&gt; <a class="navtrail" href="%s/record/%s/%s/?ln=%s">%s</a>' % (CFG_SITE_URL,
                                                                                           self.recid,
                                                                                           self.discussion==1 and 'reviews' or 'comments',
                                                                                           argd['ln'],
                                                                                           self.discussion==1 and _('Reviews') or _('Comments'))

            if argd['action'] not in actions:
                argd['action'] = 'DISPLAY'

            if not argd['msg']:
                # User had to login in-between, so retrieve msg
                # from cookie
                try:
                    (kind, cookie_argd) = mail_cookie_check_common(argd['cookie'],
                                                                    delete=True)

                    argd.update(cookie_argd)
                except InvenioWebAccessMailCookieDeletedError, e:
                    return redirect_to_url(req, CFG_SITE_URL + '/record/' + \
                                           str(self.recid) + (self.discussion==1 and \
                                                              '/reviews' or '/comments'))
                except InvenioWebAccessMailCookieError, e:
                    # Invalid or empty cookie: continue
                    pass
Beispiel #47
0
    def add(self, req, form):
        """
        Add a comment (review) to record with id recid where recid>0
        Also works for adding a remark to basket with id recid where recid<-99
        @param ln: languange
        @param recid: record id
        @param action:  'DISPLAY' to display add form
                        'SUBMIT' to submit comment once form is filled
                        'REPLY' to reply to an already existing comment
        @param msg: the body of the comment/review or remark
        @param score: star score of the review
        @param note: title of the review
        @param comid: comment id, needed for replying
        @param editor_type: the type of editor used for submitting the
                            comment: 'textarea', 'fckeditor'.
        @param subscribe: if set, subscribe user to receive email
                          notifications when new comment are added to
                          this discussion
        @return the full html page.
        """
        argd = wash_urlargd(
            form, {
                'action': (str, "DISPLAY"),
                'msg': (str, ""),
                'note': (str, ''),
                'score': (int, 0),
                'comid': (int, 0),
                'editor_type': (str, ""),
                'subscribe': (str, ""),
                'cookie': (str, "")
            })
        _ = gettext_set_language(argd['ln'])

        actions = ['DISPLAY', 'REPLY', 'SUBMIT']
        uid = getUid(req)

        # Is site ready to accept comments?
        if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS
                         and not CFG_WEBCOMMENT_ALLOW_REVIEWS):
            return page_not_authorized(req,
                                       "../comments/add",
                                       navmenuid='search')

        # Is user allowed to post comment?
        user_info = collect_user_info(req)
        (auth_code_1,
         auth_msg_1) = check_user_can_view_comments(user_info, self.recid)
        (auth_code_2,
         auth_msg_2) = check_user_can_send_comments(user_info, self.recid)
        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            # Save user's value in cookie, so that these "POST"
            # parameters are not lost during login process
            msg_cookie = mail_cookie_create_common(
                'comment_msg', {
                    'msg': argd['msg'],
                    'note': argd['note'],
                    'score': argd['score'],
                    'editor_type': argd['editor_type'],
                    'subscribe': argd['subscribe']
                },
                onetime=True)
            target = '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {})
            return redirect_to_url(req, target, norobot=True)
        elif (auth_code_1 or auth_code_2):
            return page_not_authorized(req, "../", \
                text = auth_msg_1 + auth_msg_2)

        user_info = collect_user_info(req)
        can_attach_files = False
        (auth_code, auth_msg) = check_user_can_attach_file_to_comments(
            user_info, self.recid)
        if not auth_code and (user_info['email'] != 'guest'):
            can_attach_files = True

        warning_msgs = []
        added_files = {}
        if can_attach_files:
            # User is allowed to attach files. Process the files
            file_too_big = False
            formfields = form.get('commentattachment[]', [])
            if not hasattr(formfields,
                           "__getitem__"):  # A single file was uploaded
                formfields = [formfields]
            for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]:
                if hasattr(formfield, "filename") and formfield.filename:
                    filename = formfield.filename
                    dir_to_open = os.path.join(CFG_TMPDIR, 'webcomment',
                                               str(uid))
                    try:
                        assert (dir_to_open.startswith(CFG_TMPDIR))
                    except AssertionError:
                        register_exception(req=req,
                                           prefix='User #%s tried to upload file to forbidden location: %s' \
                                           % (uid, dir_to_open))

                    if not os.path.exists(dir_to_open):
                        try:
                            os.makedirs(dir_to_open)
                        except:
                            register_exception(req=req, alert_admin=True)

                    ## Before saving the file to disc, wash the filename (in particular
                    ## washing away UNIX and Windows (e.g. DFS) paths):
                    filename = os.path.basename(filename.split('\\')[-1])
                    filename = filename.strip()
                    if filename != "":
                        # Check that file does not already exist
                        n = 1
                        while os.path.exists(
                                os.path.join(dir_to_open, filename)):
                            basedir, name, extension = decompose_file(filename)
                            new_name = propose_next_docname(name)
                            filename = new_name + extension

                        fp = open(os.path.join(dir_to_open, filename), "w")
                        # FIXME: temporary, waiting for wsgi handler to be
                        # fixed. Once done, read chunk by chunk
                        ##                         while formfield.file:
                        ##                             fp.write(formfield.file.read(10240))
                        fp.write(formfield.file.read())
                        fp.close()
                        # Isn't this file too big?
                        file_size = os.path.getsize(
                            os.path.join(dir_to_open, filename))
                        if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \
                               file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE:
                            os.remove(os.path.join(dir_to_open, filename))
                            # One file is too big: record that,
                            # dismiss all uploaded files and re-ask to
                            # upload again
                            file_too_big = True
                            warning_msgs.append(
                                ('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED',
                                 cgi.escape(filename),
                                 str(file_size / 1024) + 'KB',
                                 str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE / 1024)
                                 + 'KB'))
                        else:
                            added_files[filename] = os.path.join(
                                dir_to_open, filename)

            if file_too_big:
                # One file was too big. Removed all uploaded filed
                for filepath in added_files.items():
                    try:
                        os.remove(filepath)
                    except:
                        # File was already removed or does not exist?
                        pass

        client_ip_address = req.remote_ip
        check_warnings = []
        (ok, problem) = check_recID_is_in_range(self.recid, check_warnings,
                                                argd['ln'])
        if ok:
            title, description, keywords = websearch_templates.tmpl_record_page_header_content(
                req, self.recid, argd['ln'])
            navtrail = create_navtrail_links(
                cc=guess_primary_collection_of_a_record(self.recid))
            if navtrail:
                navtrail += ' &gt; '
            navtrail += '<a class="navtrail" href="%s/record/%s?ln=%s">' % (
                CFG_SITE_URL, self.recid, argd['ln'])
            navtrail += title
            navtrail += '</a>'
            navtrail += '&gt; <a class="navtrail" href="%s/record/%s/%s/?ln=%s">%s</a>' % (
                CFG_SITE_URL, self.recid, self.discussion == 1 and 'reviews'
                or 'comments', argd['ln'],
                self.discussion == 1 and _('Reviews') or _('Comments'))

            if argd['action'] not in actions:
                argd['action'] = 'DISPLAY'

            if not argd['msg']:
                # User had to login in-between, so retrieve msg
                # from cookie
                try:
                    (kind,
                     cookie_argd) = mail_cookie_check_common(argd['cookie'],
                                                             delete=True)

                    argd.update(cookie_argd)
                except InvenioWebAccessMailCookieDeletedError, e:
                    return redirect_to_url(req, CFG_SITE_URL + '/record/' + \
                                           str(self.recid) + (self.discussion==1 and \
                                                              '/reviews' or '/comments'))
                except InvenioWebAccessMailCookieError, e:
                    # Invalid or empty cookie: continue
                    pass
    def register_request(self, req, form):
        """
        Displays all loans of a given user
        @param ln:  language
        @return the page for inbox
        """

        argd = wash_urlargd(
            form, {
                'ln': (str, ""),
                'title': (str, ""),
                'authors': (str, ""),
                'place': (str, ""),
                'publisher': (str, ""),
                'year': (str, ""),
                'edition': (str, ""),
                'isbn': (str, ""),
                'period_of_interest_from': (str, ""),
                'period_of_interest_to': (str, ""),
                'additional_comments': (str, ""),
                'conditions': (str, ""),
                'only_edition': (str, ""),
            })

        # Check if user is logged
        uid = getUid(req)
        if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "%s/ill/register_request" % \
                                       (CFG_SITE_URL,),
                                       navmenuid="ill")
        elif uid == -1 or isGuestUser(uid):
            return redirect_to_url(
                req,
                "%s/youraccount/login%s" %
                (CFG_SITE_SECURE_URL,
                 make_canonical_urlargd(
                     {
                         'referer':
                         "%s/ill/register_request%s" %
                         (CFG_SITE_URL, make_canonical_urlargd(argd, {})),
                         "ln":
                         argd['ln']
                     }, {})),
                norobot=True)

        _ = gettext_set_language(argd['ln'])

        user_info = collect_user_info(req)
        if not user_info['precached_useloans']:
            return page_not_authorized(req, "../", \
                                       text = _("You are not authorized to use ill."))

        body = ill_register_request(
            uid=uid,
            title=argd['title'],
            authors=argd['authors'],
            place=argd['place'],
            publisher=argd['publisher'],
            year=argd['year'],
            edition=argd['edition'],
            isbn=argd['isbn'],
            period_of_interest_from=argd['period_of_interest_from'],
            period_of_interest_to=argd['period_of_interest_to'],
            additional_comments=argd['additional_comments'],
            conditions=argd['conditions'],
            only_edition=argd['only_edition'],
            request_type='book',
            ln=argd['ln'])

        return page(title=_("Interlibrary loan request for books"),
                    body=body,
                    uid=uid,
                    lastupdated=__lastupdated__,
                    req=req,
                    language=argd['ln'],
                    navmenuid="ill")
    def add(self, req, form):
        """
        Add a comment (review) to record with id recid where recid>0
        Also works for adding a remark to basket with id recid where recid<-99
        @param ln: languange
        @param recid: record id
        @param action:  'DISPLAY' to display add form
                        'SUBMIT' to submit comment once form is filled
                        'REPLY' to reply to an already existing comment
        @param msg: the body of the comment/review or remark
        @param score: star score of the review
        @param note: title of the review
        @param comid: comment id, needed for replying
        @param editor_type: the type of editor used for submitting the
                            comment: 'textarea', 'ckeditor'.
        @param subscribe: if set, subscribe user to receive email
                          notifications when new comment are added to
                          this discussion
        @return the full html page.
        """
        argd = wash_urlargd(
            form, {
                'action': (str, "DISPLAY"),
                'msg': (str, ""),
                'note': (str, ''),
                'score': (int, 0),
                'comid': (int, 0),
                'editor_type': (str, ""),
                'subscribe': (str, ""),
                'cookie': (str, "")
            })
        _ = gettext_set_language(argd['ln'])

        actions = ['DISPLAY', 'REPLY', 'SUBMIT']
        uid = getUid(req)

        # Is site ready to accept comments?
        if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS
                         and not CFG_WEBCOMMENT_ALLOW_REVIEWS):
            return page_not_authorized(req,
                                       "../comments/add",
                                       navmenuid='search')

        # Is user allowed to post comment?
        user_info = collect_user_info(req)
        (auth_code_1,
         auth_msg_1) = check_user_can_view_comments(user_info, self.recid)
        (auth_code_2,
         auth_msg_2) = check_user_can_send_comments(user_info, self.recid)
        if isGuestUser(uid):
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {
                    'collection': guess_primary_collection_of_a_record(
                        self.recid)
                })
            # Save user's value in cookie, so that these "POST"
            # parameters are not lost during login process
            msg_cookie = mail_cookie_create_common(
                'comment_msg', {
                    'msg': argd['msg'],
                    'note': argd['note'],
                    'score': argd['score'],
                    'editor_type': argd['editor_type'],
                    'subscribe': argd['subscribe']
                },
                onetime=True)
            target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \
                CFG_SITE_SECURE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {})
            return redirect_to_url(req, target, norobot=True)
        elif (auth_code_1 or auth_code_2):
            return page_not_authorized(req, "../", \
                text = auth_msg_1 + auth_msg_2)

        if argd['comid']:
            # If replying to a comment, are we on a record that
            # matches the original comment user is replying to?
            if not check_comment_belongs_to_record(argd['comid'], self.recid):
                return page_not_authorized(req, "../", \
                                           text = _("Specified comment does not belong to this record"))

            # Is user trying to reply to a restricted comment? Make
            # sure user has access to it.  We will then inherit its
            # restriction for the new comment
            (auth_code,
             auth_msg) = check_user_can_view_comment(user_info, argd['comid'])
            if auth_code:
                return page_not_authorized(req, "../", \
                                           text = _("You do not have access to the specified comment"))

            # Is user trying to reply to a deleted comment? If so, we
            # let submitted comment go (to not lose possibly submitted
            # content, if comment is submitted while original is
            # deleted), but we "reset" comid to make sure that for
            # action 'REPLY' the original comment is not included in
            # the reply
            if is_comment_deleted(argd['comid']):
                argd['comid'] = 0

        user_info = collect_user_info(req)
        can_attach_files = False
        (auth_code, auth_msg) = check_user_can_attach_file_to_comments(
            user_info, self.recid)
        if not auth_code and (user_info['email'] != 'guest'):
            can_attach_files = True

        warning_msgs = [
        ]  # list of warning tuples (warning_text, warning_color)
        added_files = {}
        if can_attach_files:
            # User is allowed to attach files. Process the files
            file_too_big = False
            formfields = form.get('commentattachment[]', [])
            if not hasattr(formfields,
                           "__getitem__"):  # A single file was uploaded
                formfields = [formfields]
            for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]:
                if hasattr(formfield, "filename") and formfield.filename:
                    filename = formfield.filename
                    dir_to_open = os.path.join(CFG_TMPSHAREDDIR, 'webcomment',
                                               str(uid))
                    try:
                        assert (dir_to_open.startswith(CFG_TMPSHAREDDIR))
                    except AssertionError:
                        register_exception(req=req,
                                           prefix='User #%s tried to upload file to forbidden location: %s' \
                                           % (uid, dir_to_open))

                    if not os.path.exists(dir_to_open):
                        try:
                            os.makedirs(dir_to_open)
                        except:
                            register_exception(req=req, alert_admin=True)

                    ## Before saving the file to disc, wash the filename (in particular
                    ## washing away UNIX and Windows (e.g. DFS) paths):
                    filename = os.path.basename(filename.split('\\')[-1])
                    filename = filename.strip()
                    if filename != "":
                        # Check that file does not already exist
                        n = 1
                        while os.path.exists(
                                os.path.join(dir_to_open, filename)):
                            basedir, name, extension = decompose_file(filename)
                            new_name = propose_next_docname(name)
                            filename = new_name + extension

                        fp = open(os.path.join(dir_to_open, filename), "w")
                        # FIXME: temporary, waiting for wsgi handler to be
                        # fixed. Once done, read chunk by chunk
                        ##                         while formfield.file:
                        ##                             fp.write(formfield.file.read(10240))
                        fp.write(formfield.file.read())
                        fp.close()
                        # Isn't this file too big?
                        file_size = os.path.getsize(
                            os.path.join(dir_to_open, filename))
                        if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \
                               file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE:
                            os.remove(os.path.join(dir_to_open, filename))
                            # One file is too big: record that,
                            # dismiss all uploaded files and re-ask to
                            # upload again
                            file_too_big = True
                            try:
                                raise InvenioWebCommentWarning(
                                    _('The size of file \\"%s\\" (%s) is larger than maximum allowed file size (%s). Select files again.'
                                      ) %
                                    (cgi.escape(filename),
                                     str(file_size / 1024) + 'KB',
                                     str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE /
                                         1024) + 'KB'))
                            except InvenioWebCommentWarning, exc:
                                register_exception(stream='warning')
                                warning_msgs.append((exc.message, ''))
                            #warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB'))
                        else:
                            added_files[filename] = os.path.join(
                                dir_to_open, filename)

            if file_too_big:
                # One file was too big. Removed all uploaded filed
                for filepath in added_files.items():
                    try:
                        os.remove(filepath)
                    except:
                        # File was already removed or does not exist?
                        pass