def _dispatch(cls):
cls._handle_debug()
# locate the controller method
try:
rule, arguments = cls._match(request.httprequest.path)
func = rule.endpoint
except werkzeug.exceptions.NotFound as e:
return cls._handle_exception(e)
# check authentication level
try:
auth_method = cls._authenticate(func.routing["auth"])
except Exception as e:
return cls._handle_exception(e)
processing = cls._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception as e:
return cls._handle_exception(e)
return result
def _dispatch(cls):
# locate the controller method
try:
rule, arguments = cls._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound as e:
return cls._handle_exception(e)
# check authentication level
try:
auth_method = cls._authenticate(func.routing["auth"])
except Exception as e:
return cls._handle_exception(e)
processing = cls._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception as e:
return cls._handle_exception(e)
return result
def _dispatch(cls):
# locate the controller method
try:
rule, arguments = cls._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound as e:
return cls._handle_exception(e)
# check authentication level
try:
auth_method = cls._authenticate(func.routing["auth"])
except Exception as e:
return cls._handle_exception(e)
processing = cls._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception as e:
return cls._handle_exception(e)
if result.data:
isValid = validateJSON(result.data)
if isValid:
error_data = json.loads(result.data)
if 'error' in error_data:
error_data['error']['message'] = 'ZPMS'
result.data = json.dumps(error_data, sort_keys=True)
return result
class IrHttp(models.AbstractModel):
_name = 'ir.http'
_description = "HTTP routing"
def _get_converters(self):
return {
'model': ModelConverter,
'models': ModelsConverter,
'int': SignedIntConverter
}
def _find_handler(self, return_rule=False):
return self.routing_map().bind_to_environ(
request.httprequest.environ).match(return_rule=return_rule)
def _auth_method_user(self):
request.uid = request.session.uid
if not request.uid:
raise http.SessionExpiredException("Session expired")
def _auth_method_none(self):
request.uid = None
def _auth_method_public(self):
if not request.session.uid:
request.uid = request.env.ref('base.public_user').id
else:
request.uid = request.session.uid
def _authenticate(self, auth_method='user'):
try:
if request.session.uid:
try:
request.session.check_security()
# what if error in security.check()
# -> res_users.check()
# -> res_users.check_credentials()
except (AccessDenied, http.SessionExpiredException):
# All other exceptions mean undetermined status (e.g. connection pool full),
# let them bubble up
request.session.logout(keep_db=True)
if request.uid is None:
getattr(self, "_auth_method_%s" % auth_method)()
except (AccessDenied, http.SessionExpiredException,
werkzeug.exceptions.HTTPException):
raise
except Exception:
_logger.info("Exception during request Authentication.",
exc_info=True)
raise AccessDenied()
return auth_method
def _serve_attachment(self):
env = api.Environment(request.cr, SUPERUSER_ID, request.context)
domain = [('type', '=', 'binary'),
('url', '=', request.httprequest.path)]
fields = ['__last_update', 'datas', 'name', 'mimetype', 'checksum']
attach = env['ir.attachment'].search_read(domain, fields)
if attach:
wdate = attach[0]['__last_update']
datas = attach[0]['datas'] or ''
name = attach[0]['name']
checksum = attach[0]['checksum'] or hashlib.sha1(datas).hexdigest()
if (not datas and name != request.httprequest.path
and name.startswith(('http://', 'https://', '/'))):
return werkzeug.utils.redirect(name, 301)
response = werkzeug.wrappers.Response()
server_format = tools.DEFAULT_SERVER_DATETIME_FORMAT
try:
response.last_modified = datetime.datetime.strptime(
wdate, server_format + '.%f')
except ValueError:
# just in case we have a timestamp without microseconds
response.last_modified = datetime.datetime.strptime(
wdate, server_format)
response.set_etag(checksum)
response.make_conditional(request.httprequest)
if response.status_code == 304:
return response
response.mimetype = attach[0][
'mimetype'] or 'application/octet-stream'
response.data = datas.decode('base64')
return response
def _handle_exception(self, exception):
# If handle_exception returns something different than None, it will be used as a response
# This is done first as the attachment path may
# not match any HTTP controller
if isinstance(
exception,
werkzeug.exceptions.HTTPException) and exception.code == 404:
attach = self._serve_attachment()
if attach:
return attach
# Don't handle exception but use werkeug debugger if server in --dev mode
if 'werkzeug' in tools.config['dev_mode']:
raise
try:
return request._handle_exception(exception)
except AccessDenied:
return werkzeug.exceptions.Forbidden()
def _dispatch(self):
# locate the controller method
try:
rule, arguments = self._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound, e:
return self._handle_exception(e)
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
except Exception as e:
return self._handle_exception(e)
processing = self._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception, e:
return self._handle_exception(e)
