def MKCOL(self, REQUEST, RESPONSE): """Create a new collection resource.""" self.dav__init(REQUEST, RESPONSE) if REQUEST.get('BODY', ''): raise UnsupportedMediaType('Unknown request body.') name = self.__name__ parent = self.__parent__ if hasattr(aq_base(parent), name): raise MethodNotAllowed('The name %s is in use.' % name) if not isDavCollection(parent): raise Forbidden('Cannot create collection at this location.') ifhdr = REQUEST.get_header('If', '') if IWriteLock.providedBy(parent) and parent.wl_isLocked(): if ifhdr: parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1) else: raise Locked elif ifhdr: # There was an If header, but the parent is not locked raise PreconditionFailed # Add hook for webdav MKCOL (Collector #2254) (needed for CMF) mkcol_handler = getattr(parent, 'MKCOL_handler', parent.manage_addFolder) mkcol_handler(name) RESPONSE.setStatus(201) RESPONSE.setBody('') return RESPONSE
def _handleDelete(self): adapter = queryMultiAdapter((aq_inner(self.context), self.request), ISWORDEditIRI) if adapter is None: raise MethodNotAllowed( "Method DELETE is not supported in this context") return adapter()
def __call__(self): if self.request.method != 'POST': raise MethodNotAllowed() if not IAnnotations( self.context)[PDF_SAVE_TOKEN_KEY] == self.get_opaque_id(): raise Unauthorized return super(ReceiveDocumentPDF, self).__call__()
def __call__(self): if self.request.method != 'POST': raise MethodNotAllowed() self.model = self.context.model self.committee = self.model.committee.oguid.resolve_object() return super(ReceiveZipPdf, self).__call__()
def _handleGet(self): """ Lookup EditIRI adapter, call it to get a deposit receipt. """ adapter = queryMultiAdapter((aq_inner(self.context), self.request), ISWORDEditIRI) if adapter is None: adapter = queryMultiAdapter((self.context, self.request), ISWORDListCollection) if adapter is None: raise MethodNotAllowed("Method GET is not supported for %s" % \ self.request['PATH_INFO']) return adapter._handleGet()
def __call__(self): method = self.request.get('REQUEST_METHOD') if method == 'POST': return self._handlePost() elif method == 'GET': return self._handleGet() elif method == 'PUT': return self._handlePut() elif method == 'DELETE': return self._handleDelete() else: raise MethodNotAllowed("Method %s not supported" % method)
def PUT(self, REQUEST, RESPONSE): """ Create a new non-collection resource, deleting the LockNull object from the container before putting the new object in. """ self.dav__init(REQUEST, RESPONSE) name = self.__name__ parent = self.aq_parent parenturl = parent.absolute_url() ifhdr = REQUEST.get_header('If', '') # Since a Lock null resource is always locked by definition, all # operations done by an owner of the lock that affect the resource # MUST have the If header in the request if not ifhdr: raise PreconditionFailed('No If-header') # First we need to see if the parent of the locknull is locked, and # if the user owns that lock (checked by handling the information in # the If header). if IWriteLock.providedBy(parent) and parent.wl_isLocked(): itrue = parent.dav__simpleifhandler(REQUEST, RESPONSE, 'PUT', col=1, url=parenturl, refresh=1) if not itrue: raise PreconditionFailed( 'Condition failed against resources parent') # Now we need to check the If header against our own lock state itrue = self.dav__simpleifhandler(REQUEST, RESPONSE, 'PUT', refresh=1) if not itrue: raise PreconditionFailed( 'Condition failed against locknull resource') # All of the If header tests succeeded, now we need to remove ourselves # from our parent. We need to transfer lock state to the new object. locks = self.wl_lockItems() parent._delObject(name) # Now we need to go through the regular operations of PUT body = REQUEST.get('BODY', '') typ = REQUEST.get_header('content-type', None) if typ is None: typ, enc = guess_content_type(name, body) factory = getattr(parent, 'PUT_factory', self._default_PUT_factory) ob = factory(name, typ, body) or self._default_PUT_factory( name, typ, body) # Verify that the user can create this type of object try: parent._verifyObjectPaste(ob.__of__(parent), 0) except Unauthorized: raise except Exception: raise Forbidden(sys.exc_info()[1]) # Put the locks on the new object if not IWriteLock.providedBy(ob): raise MethodNotAllowed('The target object type cannot be locked') for token, lock in locks: ob.wl_setLock(token, lock) # Delegate actual PUT handling to the new object. ob.PUT(REQUEST, RESPONSE) parent._setObject(name, ob) RESPONSE.setStatus(201) RESPONSE.setBody('') return RESPONSE
def PUT(self, REQUEST, RESPONSE): """ Disable HTTP PUT for preventing upload to dmd without authentication """ raise MethodNotAllowed('Method not supported for this resource.')
def PROPFIND(self, REQUEST, RESPONSE): """ We don't support webdav, at all! """ from zExceptions import MethodNotAllowed raise MethodNotAllowed('Method not supported for this resource.')
def apply(self, obj, creator=None, depth='infinity', token=None, result=None, url=None, top=1): """ Apply, built for recursion (so that we may lock subitems of a collection if requested """ if result is None: result = StringIO() url = urlfix(self.request['URL'], 'LOCK') url = urlbase(url) iscol = isDavCollection(obj) if iscol and url[-1] != '/': url = url + '/' errmsg = None exc_ob = None lock = None try: lock = LockItem(creator, self.owner, depth, self.timeout, self.type, self.scope, token) if token is None: token = lock.getLockToken() except ValueError: errmsg = "412 Precondition Failed" exc_ob = HTTPPreconditionFailed() except Exception: errmsg = "403 Forbidden" exc_ob = Forbidden() try: if not IWriteLock.providedBy(obj): if top: # This is the top level object in the apply, so we # do want an error errmsg = "405 Method Not Allowed" exc_ob = MethodNotAllowed() else: # We're in an infinity request and a subobject does # not support locking, so we'll just pass pass elif obj.wl_isLocked(): errmsg = "423 Locked" exc_ob = ResourceLockedError() else: method = getattr(obj, 'wl_setLock') vld = getSecurityManager().validate(None, obj, 'wl_setLock', method) if vld and token and (lock is not None): obj.wl_setLock(token, lock) else: errmsg = "403 Forbidden" exc_ob = Forbidden() except Exception: errmsg = "403 Forbidden" exc_ob = Forbidden() if errmsg: if top and ((depth in (0, '0')) or (not iscol)): # We don't need to raise multistatus errors raise exc_ob elif not result.getvalue(): # We haven't had any errors yet, so our result is empty # and we need to set up the XML header result.write('<?xml version="1.0" encoding="utf-8" ?>\n' '<d:multistatus xmlns:d="DAV:">\n') result.write('<d:response>\n <d:href>%s</d:href>\n' % url) result.write(' <d:status>HTTP/1.1 %s</d:status>\n' % errmsg) result.write('</d:response>\n') if depth == 'infinity' and iscol: for ob in obj.objectValues(): if hasattr(obj, '__dav_resource__'): uri = urljoin(url, absattr(ob.getId())) self.apply(ob, creator, depth, token, result, uri, top=0) if not top: return token, result if result.getvalue(): # One or more subitems probably failed, so close the multistatus # element and clear out all succesful locks result.write('</d:multistatus>') transaction.abort() # This *SHOULD* clear all succesful locks return token, result.getvalue()