def rotate_media(dbo, username, mid, clockwise = True): """ Rotates an image media record 90 degrees if clockwise is true, or 270 degrees if false """ mr = dbo.first_row(dbo.query("SELECT * FROM media WHERE ID=?", [mid])) if not mr: raise utils.ASMError("Record does not exist") # If it's not a jpg image, we can stop right now mn = mr.MEDIANAME ext = mn[mn.rfind("."):].lower() if ext != ".jpg" and ext != ".jpeg": raise utils.ASMError("Image is not a JPEG file, cannot rotate") # Load the image data path = get_dbfs_path(mr.LINKID, mr.LINKTYPEID) imagedata = dbfs.get_string(dbo, mn, path) imagedata = rotate_image(imagedata, clockwise) # Store it back in the dbfs and add an entry to the audit trail dbfs.put_string(dbo, mn, path, imagedata) # Update the date stamp on the media record dbo.update("media", mid, { "Date": dbo.now(), "MediaSize": len(imagedata) }) audit.edit(dbo, username, "media", mid, "", "media id %d rotated, clockwise=%s" % (mid, str(clockwise)))
def delete_movement(dbo, username, mid): """ Deletes a movement record """ animalid = dbo.query_int("SELECT AnimalID FROM adoption WHERE ID = ?", [mid]) if animalid == 0: raise utils.ASMError("Trying to delete a movement that does not exist") dbo.execute("UPDATE ownerdonation SET MovementID = 0 WHERE MovementID = ?", [mid]) dbo.delete("adoption", mid, username) animal.update_animal_status(dbo, animalid) animal.update_variable_animal_data(dbo, animalid)
def rotate_media(dbo, username, mid, clockwise=True): """ Rotates an image media record 90 degrees if clockwise is true, or 270 degrees if false """ mr = db.query(dbo, "SELECT * FROM media WHERE ID=%d" % int(mid)) if len(mr) == 0: raise utils.ASMError("Record does not exist") mr = mr[0] mn = mr["MEDIANAME"] # If it's not a jpg image, we can stop right now ext = mn[mn.rfind("."):].lower() if ext != ".jpg" and ext != ".jpeg": raise utils.ASMError("Image is not a JPEG file, cannot rotate") # Load the image data path = get_dbfs_path(mr["LINKID"], mr["LINKTYPEID"]) imagedata = dbfs.get_string(dbo, mn, path) imagedata = rotate_image(imagedata, clockwise) # Store it back in the dbfs and add an entry to the audit trail dbfs.put_string(dbo, mn, path, imagedata) # Update the date stamp on the media record db.execute(dbo, "UPDATE media SET Date = %s WHERE ID = %d" % (db.nowsql(), mid)) audit.edit(dbo, username, "media", "media id %d rotated, clockwise=%s" % (mid, str(clockwise)))
def delete_movement(dbo, username, mid): """ Deletes a movement record """ animalid = db.query_int( dbo, "SELECT AnimalID FROM adoption WHERE ID = %d" % int(mid)) if animalid == 0: raise utils.ASMError("Trying to delete a movement that does not exist") db.execute( dbo, "UPDATE ownerdonation SET MovementID = 0 WHERE MovementID = %d" % int(mid)) audit.delete( dbo, username, "adoption", str(db.query(dbo, "SELECT * FROM adoption WHERE ID=%d" % int(mid)))) db.execute(dbo, "DELETE FROM adoption WHERE ID = %d" % int(mid)) animal.update_animal_status(dbo, animalid) animal.update_variable_animal_data(dbo, animalid)
def flood_protect(method, remoteip, ttl, message = ""): """ Checks to see if we've had a request for method from remoteip since ttl seconds ago. If we haven't, we record this as the last time we saw a request from this ip address for that method. Otherwise, an error is thrown. method: The service method we're protecting remoteip: The ip address of the caller ttl: The protection period (one request per ttl seconds) """ cache_key = "m%sr%s" % (method, str(remoteip).replace(", ", "")) # X-FORWARDED-FOR can be a list, remove commas v = cachemem.get(cache_key) #al.debug("method: %s, remoteip: %s, ttl: %d, cacheval: %s" % (method, remoteip, ttl, v), "service.flood_protect") if v is None: cachemem.put(cache_key, "x", ttl) else: if message == "": message = "You have already called '%s' in the last %d seconds, please wait before trying again." % (method, ttl) raise utils.ASMError(message)
def handler(post, path, remoteip, referer, querystring): """ Handles the various service method types. post: The GET/POST parameters path: The current system path/code.PATH remoteip: The IP of the caller referer: The referer HTTP header querystring: The complete querystring return value is a tuple containing MIME type, max-age, content """ # Get service parameters account = post["account"] username = post["username"] password = post["password"] method = post["method"] animalid = post.integer("animalid") formid = post.integer("formid") seq = post.integer("seq") title = post["title"] strip_personal = post.integer("sensitive") == 0 cache_key = querystring.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug("cache hit for %s" % (cache_key), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plain", 0, 0, "ERROR: No database/alias specified") dbo = db.get_database(account) if dbo.database in ("FAIL", "DISABLED", "WRONGSERVER"): al.error( "auth failed - invalid smaccount %s from %s (%s)" % (account, remoteip, dbo.database), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid database (%s)" % dbo.database) # If the database has disabled the service API, stop now if not configuration.service_enabled(dbo): al.error("Service API is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Service API is disabled") # Do any database updates need doing in this db? dbo.installpath = path if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # Does the method require us to authenticate? If so, do it. user = None securitymap = "" if method in AUTH_METHODS: # If the database has authenticated service methods disabled, stop now if not configuration.service_auth_enabled(dbo): al.error("Service API for auth methods is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Service API for authenticated methods is disabled") user = users.authenticate(dbo, username, password) if user is None: al.error( "auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid username and password") securitymap = users.get_security_map(dbo, user["USERNAME"]) # Get the preferred locale and timezone for the site l = configuration.locale(dbo) dbo.locale = l dbo.timezone = configuration.timezone(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method == "animal_image": hotlink_protect("animal_image", referer) if utils.cint(animalid) == 0: al.error( "animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: mediadate, data = media.get_image_file_data( dbo, "animal", utils.cint(animalid), seq) if data == "NOPIC": mediadate, data = media.get_image_file_data(dbo, "nopic", 0) return set_cached_response(cache_key, "image/jpeg", 86400, 3600, data) elif method == "animal_thumbnail": if utils.cint(animalid) == 0: al.error( "animal_thumbnail failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: mediadate, data = media.get_image_file_data( dbo, "animalthumb", utils.cint(animalid), seq) if data == "NOPIC": mediadate, data = media.get_image_file_data(dbo, "nopic", 0) return set_cached_response(cache_key, "image/jpeg", 86400, 86400, data) elif method == "animal_view": if utils.cint(animalid) == 0: al.error( "animal_view failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: return set_cached_response( cache_key, "text/html", 86400, 120, publishers.html.get_animal_view(dbo, utils.cint(animalid))) elif method == "animal_view_adoptable_js": return set_cached_response( cache_key, "application/javascript", 10800, 600, publishers.html.get_animal_view_adoptable_js(dbo)) elif method == "animal_view_adoptable_html": return set_cached_response( cache_key, "text/html", 86400, 120, publishers.html.get_animal_view_adoptable_html(dbo)) elif method == "dbfs_image": hotlink_protect("dbfs_image", referer) return set_cached_response( cache_key, "image/jpeg", 86400, 86400, utils.iif(title.startswith("/"), dbfs.get_string_filepath(dbo, title), dbfs.get_string(dbo, title))) elif method == "extra_image": hotlink_protect("extra_image", referer) return set_cached_response(cache_key, "image/jpeg", 86400, 86400, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animal": if utils.cint(animalid) == 0: al.error( "json_adoptable_animal failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data( dbo, None, utils.cint(animalid), include_additional_fields=True) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "html_adoptable_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_adoptable_animals(dbo, style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"), locationid=post.integer("locationid"))) elif method == "html_adopted_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_adopted_animals(dbo, daysadopted=post.integer("days"), style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "html_deceased_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_deceased_animals(dbo, daysdeceased=post.integer("days"), style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "html_held_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_held_animals(dbo, style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "json_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_adoptable_animal": if utils.cint(animalid) == 0: al.error( "xml_adoptable_animal failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data( dbo, None, utils.cint(animalid), include_additional_fields=True) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "xml_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "json_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, html.xml(rs)) elif method == "json_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, html.xml(rs)) elif method == "json_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "html_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 600, 600, rhtml) elif method == "csv_mail" or method == "csv_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rows, cols = reports.execute_query(dbo, crid, username, p) mcsv = utils.csv(l, rows, cols, True) return set_cached_response(cache_key, "text/csv", 600, 600, mcsv) elif method == "jsonp_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(sa))) elif method == "json_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(sa)) elif method == "xml_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa)) elif method == "jsonp_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(sa))) elif method == "json_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(sa)) elif method == "xml_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa)) elif method == "rss_timeline": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) return set_cached_response(cache_key, "application/rss+xml", 3600, 3600, html.timeline_rss(dbo)) elif method == "upload_animal_image": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.ADD_MEDIA) media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), post) return ("text/plain", 0, 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError( "method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html; charset=utf-8", 120, 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_json": if formid == 0: raise utils.ASMError( "method online_form_json requires a valid formid") return set_cached_response(cache_key, "application/json; charset=utf-8", 30, 30, onlineform.get_onlineform_json(dbo, formid)) elif method == "online_form_post": flood_protect("online_form_post", remoteip, 15) onlineform.insert_onlineformincoming_from_form(dbo, post, remoteip) redirect = post["redirect"] if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, 0, redirect) elif method == "sign_document": if formid == 0: raise utils.ASMError( "method sign_document requires a valid formid") if post["sig"] == "": return set_cached_response(cache_key, "text/html", 2, 2, sign_document_page(dbo, formid)) else: media.sign_document(dbo, "service", formid, post["sig"], post["signdate"]) media.create_log(dbo, "service", formid, "ES02", _("Document signed", l)) return ("text/plain", 0, 0, "OK") else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)
def giftaid_spreadsheet(dbo, path, fromdate, todate): """ Generates an HMRC giftaid spreadsheet in their ODS format. The template is stored in src/static/docs/giftaid.ods path: The path to the ASM installation fromdate: Python date, the date to include donations from todate: Python date, the date to include donations to """ def housenumber(s): # Return the full address if the first word is not numeric bits = s.strip().split(" ") houseno = s if len(bits) > 0 and utils.cint(bits[0]) > 0: houseno = bits[0] return houseno # Get the zip file containing our tax year template and load # it into an in-memory file try: ods = open(path + "static/docs/giftaid.ods", "r") zf = zipfile.ZipFile(ods, "r") # Load the content.xml file content = zf.open("content.xml").read() dons = db.query(dbo, "SELECT od.Date AS DonationDate, od.Donation AS DonationAmount, o.* " \ "FROM ownerdonation od " \ "INNER JOIN owner o ON od.OwnerID = o.ID " \ "WHERE od.IsGiftAid = 1 AND od.Date Is Not Null AND " \ "od.Date >= %s AND od.Date <= %s ORDER BY od.Date" % (db.dd(fromdate), db.dd(todate))) al.debug( "got %d giftaid donations for %s -> %s" % (len(dons), str(fromdate), str(todate)), "financial.giftaid_spreadsheet", dbo) # Insert them into the content.xml # We just replace the first occurrence each time subearly = False for d in dons: if not subearly: subearly = True content = content.replace( "DONEARLIESTDONATION", i18n.format_date("%d/%m/%y", d["DONATIONDATE"])) content = content.replace("DONTITLE", d["OWNERTITLE"], 1) content = content.replace("DONFIRSTNAME", d["OWNERFORENAMES"], 1) content = content.replace("DONLASTNAME", d["OWNERSURNAME"], 1) content = content.replace("DONHOUSENUMBER", housenumber(d["OWNERADDRESS"]), 1) content = content.replace("DONPOSTCODE", d["OWNERPOSTCODE"], 1) content = content.replace("DONAGGREGATE", "", 1) content = content.replace("DONSPONSOR", "", 1) # Switch the string date format to a real date with the correct value content = content.replace("table:style-name=\"ce36\" office:value-type=\"string\">", "table:style-name=\"ce36\" office:value-type=\"date\" office:date-value=\"%s\">" % \ i18n.format_date("%Y-%m-%d", d["DONATIONDATE"]), 1) content = content.replace( "DONDATE", i18n.format_date("%d/%m/%y", d["DONATIONDATE"]), 1) donamt = str(float(d["DONATIONAMOUNT"]) / 100) content = content.replace("<text:p>54,321.00</text:p>", "<text:p>" + donamt + "</text:p>", 1) content = content.replace("office:value=\"54321\"", "office:value=\"" + donamt + "\"", 1) # Clear out anything remaining content = content.replace("DONTITLE", "") content = content.replace("DONFIRSTNAME", "") content = content.replace("DONLASTNAME", "") content = content.replace("DONHOUSENUMBER", "") content = content.replace("DONPOSTCODE", "") content = content.replace("DONAGGREGATE", "") content = content.replace("DONSPONSOR", "") content = content.replace("DONDATE", "") content = content.replace("<text:p>54,321.00</text:p>", "<text:p></text:p>") content = content.replace("office:value=\"54321\"", "office:value=\"\"") # Write the replacement file zo = StringIO() zfo = zipfile.ZipFile(zo, "w") for f in zf.namelist(): if f == "content.xml": zfo.writestr("content.xml", content) else: zfo.writestr(f, zf.open(f).read()) zf.close() zfo.close() # Return the zip data return zo.getvalue() except Exception, zderr: al.error("failed generating spreadsheet: %s" % str(zderr), "financial.giftaid_spreadsheet", dbo, sys.exc_info()) raise utils.ASMError("Failed generating spreadsheet: %s" % str(zderr))
def handler(data, remoteip, referer): """ Handles the various service method types. data: The GET/POST parameters return value is a tuple containing MIME type, max-age, content """ # Database info dbo = db.DatabaseInfo() # Get service parameters account = utils.df_ks(data, "account") username = utils.df_ks(data, "username") password = utils.df_ks(data, "password") method = utils.df_ks(data, "method") animalid = utils.df_ki(data, "animalid") formid = utils.df_ki(data, "formid") title = utils.df_ks(data, "title") cache_key = "a" + account + "u" + username + "p" + password + "m" + method + "a" + str( animalid) + "f" + str(formid) + "t" + title # cache keys aren't allowed spaces cache_key = cache_key.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug( "cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plan", 0, "ERROR: No database/alias specified") # Are we dealing with multiple databases and an account was specified? if account != "": if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. dbo = smcom.get_database_info(account) else: # Look up the database info from our map dbo = db.get_multiple_database_info(account) if dbo.database == "FAIL" or dbo.database == "DISABLED": al.error( "auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid database") # Does the method require us to authenticate? If so, do it. user = None if method in AUTH_METHODS: user = users.authenticate(dbo, username, password) if user is None: al.error( "auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid username and password") # Get the preferred locale for the site dbo.locale = configuration.locale(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method == "animal_image": # If we have a hotlinking restriction, enforce it if referer != "" and IMAGE_HOTLINKING_ONLY_FROM_DOMAIN != "" and referer.find( IMAGE_HOTLINKING_ONLY_FROM_DOMAIN) == -1: raise utils.ASMPermissionError("Image hotlinking is forbidden.") if animalid == "" or utils.cint(animalid) == 0: al.error( "animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid animalid") # If the option is on, forbid hotlinking else: seq = utils.df_ki(data, "seq") if seq == 0: seq = 1 mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq) if len(mm) == 0: return ("image/jpeg", 86400, dbfs.get_string(dbo, "nopic.jpg", "/reports")) else: return ("image/jpeg", 86400, dbfs.get_string(dbo, mm[0]["MEDIANAME"])) elif method == "extra_image": return ("image/jpeg", 86400, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "json_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "html_report": crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, data) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 3600, rhtml) elif method == "jsonp_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response( cache_key, "application/javascript", 3600, str(utils.df_ks(data, "callback")) + "(" + html.json(sa) + ")") elif method == "json_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/json", 3600, html.json(sa)) elif method == "xml_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/xml", 3600, html.json(sa)) elif method == "upload_animal_image": media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), data) return ("text/plain", 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError( "method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html", 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_post": onlineform.insert_onlineformincoming_from_form(dbo, data, remoteip) redirect = utils.df_ks(data, "redirect") if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, redirect) else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)