def _dispatch(self):
# locate the controller method
try:
rule, arguments = self._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound as e:
return self._handle_exception(e)
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
except Exception as e:
return self._handle_exception(e)
processing = self._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception as e:
return self._handle_exception(e)
return result
class ir_http(osv.AbstractModel):
_name = 'ir.http'
_description = "HTTP routing"
def _get_converters(self):
return {'model': ModelConverter, 'models': ModelsConverter}
def _find_handler(self, return_rule=False):
return self.routing_map().bind_to_environ(
request.httprequest.environ).match(return_rule=return_rule)
def _auth_method_user(self):
request.uid = request.session.uid
if not request.uid:
raise http.SessionExpiredException("Session expired")
def _auth_method_none(self):
request.uid = None
def _auth_method_public(self):
if not request.session.uid:
dummy, request.uid = self.pool[
'ir.model.data'].get_object_reference(request.cr,
openerp.SUPERUSER_ID,
'base', 'public_user')
else:
request.uid = request.session.uid
def _authenticate(self, auth_method='user'):
try:
if request.session.uid:
try:
request.session.check_security()
# what if error in security.check()
# -> res_users.check()
# -> res_users.check_credentials()
except (openerp.exceptions.AccessDenied,
openerp.http.SessionExpiredException):
# All other exceptions mean undetermined status (e.g. connection pool full),
# let them bubble up
request.session.logout(keep_db=True)
if request.uid is None:
getattr(self, "_auth_method_%s" % auth_method)()
except (openerp.exceptions.AccessDenied,
openerp.http.SessionExpiredException,
werkzeug.exceptions.HTTPException):
raise
except Exception:
_logger.info("Exception during request Authentication.",
exc_info=True)
raise openerp.exceptions.AccessDenied()
return auth_method
def _serve_attachment(self):
domain = [('type', '=', 'binary'),
('url', '=', request.httprequest.path)]
attach = self.pool['ir.attachment'].search_read(
request.cr,
openerp.SUPERUSER_ID,
domain, ['__last_update', 'datas', 'name', 'mimetype', 'checksum'],
context=request.context)
if attach:
wdate = attach[0]['__last_update']
datas = attach[0]['datas'] or ''
name = attach[0]['name']
if not datas:
if name.startswith(('http://', 'https://', '/')):
return werkzeug.utils.redirect(name, 301)
else:
return werkzeug.wrappers.Response(status=204) # NO CONTENT
response = werkzeug.wrappers.Response()
server_format = openerp.tools.misc.DEFAULT_SERVER_DATETIME_FORMAT
try:
response.last_modified = datetime.datetime.strptime(
wdate, server_format + '.%f')
except ValueError:
# just in case we have a timestamp without microseconds
response.last_modified = datetime.datetime.strptime(
wdate, server_format)
response.set_etag(attach[0]['checksum'])
response.make_conditional(request.httprequest)
if response.status_code == 304:
return response
response.mimetype = attach[0][
'mimetype'] or 'application/octet-stream'
response.data = datas.decode('base64')
return response
def _handle_exception(self, exception):
# If handle_exception returns something different than None, it will be used as a response
# This is done first as the attachment path may
# not match any HTTP controller
if isinstance(
exception,
werkzeug.exceptions.HTTPException) and exception.code == 404:
attach = self._serve_attachment()
if attach:
return attach
# Don't handle exception but use werkeug debugger if server in --dev mode
if openerp.tools.config['dev_mode']:
raise
try:
return request._handle_exception(exception)
except openerp.exceptions.AccessDenied:
return werkzeug.exceptions.Forbidden()
def _dispatch(self):
# locate the controller method
try:
rule, arguments = self._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound, e:
return self._handle_exception(e)
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
except Exception as e:
return self._handle_exception(e)
processing = self._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception, e:
return self._handle_exception(e)
class ir_http(osv.AbstractModel):
_name = 'ir.http'
_description = "HTTP routing"
def _get_converters(self):
return {'model': ModelConverter, 'models': ModelsConverter}
def _find_handler(self, return_rule=False):
return self.routing_map().bind_to_environ(
request.httprequest.environ).match(return_rule=return_rule)
def _auth_method_user(self):
request.uid = request.session.uid
if not request.uid:
if not request.params.get('noredirect'):
query = werkzeug.url_encode({
'redirect':
request.httprequest.url,
})
response = werkzeug.utils.redirect('/web/login?%s' % query)
werkzeug.exceptions.abort(response)
raise http.SessionExpiredException("Session expired")
def _auth_method_none(self):
request.uid = None
def _auth_method_public(self):
if not request.session.uid:
dummy, request.uid = self.pool[
'ir.model.data'].get_object_reference(request.cr,
openerp.SUPERUSER_ID,
'base', 'public_user')
else:
request.uid = request.session.uid
def _authenticate(self, auth_method='user'):
try:
if request.session.uid:
try:
request.session.check_security()
# what if error in security.check()
# -> res_users.check()
# -> res_users.check_credentials()
except (openerp.exceptions.AccessDenied,
openerp.http.SessionExpiredException):
# All other exceptions mean undetermined status (e.g. connection pool full),
# let them bubble up
request.session.logout()
getattr(self, "_auth_method_%s" % auth_method)()
except (openerp.exceptions.AccessDenied,
openerp.http.SessionExpiredException):
raise
except Exception:
_logger.exception("Exception during request Authentication.")
raise openerp.exceptions.AccessDenied()
return auth_method
def _handle_exception(self, exception):
# If handle_exception returns something different than None, it will be used as a response
return request._handle_exception(exception)
def _dispatch(self):
# locate the controller method
try:
rule, arguments = self._find_handler(return_rule=True)
func = rule.endpoint
except werkzeug.exceptions.NotFound, e:
return self._handle_exception(e)
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
except Exception:
# force a Forbidden exception with the original traceback
return self._handle_exception(
convert_exception_to(werkzeug.exceptions.Forbidden))
processing = self._postprocess_args(arguments, rule)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception, e:
return self._handle_exception(e)
class ir_http(osv.AbstractModel):
_name = 'ir.http'
_description = "HTTP routing"
def _get_converters(self):
return {'model': ModelConverter, 'models': ModelsConverter}
def _find_handler(self):
return self.routing_map().bind_to_environ(
request.httprequest.environ).match()
def _auth_method_user(self):
request.uid = request.session.uid
if not request.uid:
raise http.SessionExpiredException("Session expired")
def _auth_method_none(self):
request.uid = None
def _auth_method_public(self):
if not request.session.uid:
dummy, request.uid = self.pool[
'ir.model.data'].get_object_reference(request.cr,
openerp.SUPERUSER_ID,
'base', 'public_user')
else:
request.uid = request.session.uid
def _authenticate(self, auth_method='user'):
if request.session.uid:
try:
request.session.check_security()
# what if error in security.check()
# -> res_users.check()
# -> res_users.check_credentials()
except Exception:
request.session.logout()
getattr(self, "_auth_method_%s" % auth_method)()
return auth_method
def _handle_exception(self, exception):
# If handle exception return something different than None, it will be used as a response
raise
def _dispatch(self):
# locate the controller method
try:
func, arguments = self._find_handler()
except werkzeug.exceptions.NotFound, e:
return self._handle_exception(e)
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
except Exception:
# force a Forbidden exception with the original traceback
return self._handle_exception(
convert_exception_to(werkzeug.exceptions.Forbidden))
processing = self._postprocess_args(arguments)
if processing:
return processing
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)
result = request.dispatch()
if isinstance(result, Exception):
raise result
except Exception, e:
return self._handle_exception(e)
