from tactic.ui.startup import DbConfigPanelWdg widget = DivWdg() widget.add( top ) widget.add( DbConfigPanelWdg() ) widget.add( BottomWdg() ) web_app = WebApp() web_app.get_display(widget) return # handle licensing license = security.get_license() user_name = security.get_user_name() is_licensed = license.is_licensed() # handle url security url_security = UrlSecurity() html = url_security.get_display() if html: widget = Widget() widget.add(html.getvalue()) widget.get_display() return web = WebContainer.get_web()
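def _get_display(self):
    """Authenticate the request, authorise it for the project and render it.

    The steps run in this order:

    1. Decide whether guest access is allowed: config value
       ``security/allow_guest``, overridden by the site's ``allow_guest()``
       when that returns something other than None.
    2. Run ``handle_security()``.  Any exception raised there is treated
       as "not logged in" (fail closed).
    3. If the user is not logged in, show the login page unless guests
       are allowed, in which case ``handle_guest_security()`` is run.
    4. Check access to the requested project.  The check is skipped for
       upload URLs and for the ``default`` project.
    5. Guest handling: a site-provided guest widget, the restricted guest
       view, or "full" guest mode limited by ``security/guest_url_allow``.
    6. First-run panel, ``UrlSecurity``, page type detection, the missing
       project page, content rendering and the license alert.

    Returns:
        Whatever ``handle_not_logged_in()`` returns on the login paths,
        the Error404 widget when the project does not exist, and None on
        every other path (output is produced by the ``get_display`` calls).
    """
    # set up the security object
    import json

    from pyasm.security import Security, Sudo
    from pyasm.biz import Project
    from pyasm.web import WebContainer

    web = WebContainer.get_web()

    # guest mode: only the literal string 'true' enables it in the config
    allow_guest = Config.get_value("security", "allow_guest") == 'true'

    # a site-level answer, when there is one, overrides the global config
    site_obj = Site.get()
    site_allow_guest = site_obj.allow_guest()
    if site_allow_guest is not None:
        allow_guest = site_allow_guest

    security = Security()
    try:
        security = self.handle_security(security)
        is_logged_in = security.is_logged_in()
    except Exception as e:
        # fail closed: an error while authenticating ends at the login page
        print("AppServer Exception: ", e)
        return self.handle_not_logged_in()

    guest_mode = Config.get_value("security", "guest_mode")
    if not guest_mode:
        # the more limited mode is the default when nothing is configured
        guest_mode = 'restricted'

    # Test
    #allow_guest = True
    #guest_mode = "full"

    # if not logged in, then log in as guest
    if not is_logged_in:
        if not allow_guest:
            return self.handle_not_logged_in()
        else:
            # login as guest
            security = Security()
            self.handle_guest_security(security)

    # for here on, the user is logged in
    login_name = Environment.get_user_name()

    # NOTE(review): this is a substring match on the whole request URL
    # string, and a match skips the project access check below.  Confirm
    # that the upload handler enforces its own authorisation and consider
    # matching the path component only.
    is_upload = '/UploadServer' in web.get_request_url().to_string()

    # check if the user has permission to see this project
    project = web.get_context_name()
    if project == 'default':
        override_default = Project.get_default_project()
        if override_default:
            project = override_default

    if is_upload:
        print("IS UPLOAD")
        access = True

    elif project != 'default':
        # make sure the security check is done on the appropriate site
        path_info = site_obj.get_request_path_info()
        if path_info:
            site = path_info.get("site")
            Site.set_site(site)
            s = Environment.get_security()
            has_site = True
        else:
            s = security
            has_site = False

        try:
            security_version = get_security_version()
            if security_version == 1:
                # version 1 rules are permissive unless a rule denies
                default = "view"
                access = s.check_access(
                    "project", project, "view", default=default)
            else:
                # later versions deny unless the project code or the
                # "*" wildcard is explicitly allowed
                default = "deny"
                key = {"code": project}
                key2 = {"code": "*"}
                keys = [key, key2]
                access = s.check_access(
                    "project", keys, "allow", default=default)
        finally:
            # always undo the site switch, even if the check raised
            if has_site:
                Site.pop_site()

    else:
        # you always have access to the default project
        access = True

    if not access:
        if login_name == "guest":
            from pyasm.widget import WebLoginWdg

            # A message already present in the form values is kept as is.
            # NOTE(review): if form values can come from the request, the
            # login page has to escape LOGIN_MSG when rendering it.
            msg = web.get_form_value(WebLoginWdg.LOGIN_MSG)
            if not msg:
                msg = "User [%s] is not allowed to see this project [%s]" % (
                    login_name, project)
                web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)
            return self.handle_not_logged_in(allow_change_admin=False)

        else:
            from pyasm.widget import BottomWdg, Error403Wdg
            widget = Widget()
            top = self.get_top_wdg()
            widget.add(top)
            widget.add(Error403Wdg())
            widget.add(BottomWdg())
            widget.get_display()
            # NOTE(review): unreachable as written, because is_upload
            # forces access to True above, so a denied upload is never
            # logged here.
            if is_upload:
                print(
                    "WARNING: User [%s] is not allowed to upload to project [%s]."
                    % (login_name, project))
            return

    if login_name == 'guest':
        # let the site handle the guest completely
        guest_wdg = site_obj.get_guest_wdg(self.hash)
        if guest_wdg:
            web_app = WebApp()
            web_app.get_display(guest_wdg)
            return

    # some extra precautions in guest mode
    if login_name == 'guest' and guest_mode != "full":
        # show a restricted guest mode
        from pyasm.widget import WebLoginWdg, BottomWdg
        from tactic.ui.app import TitleTopWdg
        from pyasm.biz import Project
        from tactic.ui.panel import HashPanelWdg

        web = WebContainer.get_web()

        widget = Widget()
        top = TitleTopWdg()
        widget.add(top)
        body = top.get_body()
        body.add_color("background", "background")
        body.add_color("color", "color")

        has_site = False

        # use the path to set the project and/or site
        path_info = site_obj.get_request_path_info()
        if path_info:
            path_site = path_info.get("site")

            try:
                Site.set_site(path_site)
                has_site = True
            except Exception as e:
                # the site could not be set: fall back to the url context
                print("WARNING: ", e)
                current_project = web.get_context_name()
            else:
                current_project = path_info.get("project_code")
                if not current_project:
                    current_project = web.get_context_name()

        else:
            # get the project from the url because we are still
            # in the admin project at this stage
            current_project = web.get_context_name()

        # NOTE(review): Sudo presumably lifts security checks while the
        # guest page is looked up (confirm); the finally clause below
        # guarantees it is exited on every path.
        sudo = Sudo()
        try:
            if current_project != "default":
                project = Project.get_by_code(current_project, use_cache=False)
                if not project:
                    raise Exception(
                        "Project [%s] does not exist" % current_project)
        except Exception as e:
            print("WARNING: ", e)
            web_wdg = None
        else:
            if not current_project or current_project == "default":
                current_project = Project.get_default_project()

            if current_project and current_project != "default":
                try:
                    Project.set_project(current_project)
                except SecurityException as e:
                    print(e)
                    # only the "not permitted to view" refusal is
                    # tolerated here; anything else propagates
                    if 'is not permitted to view project' not in str(e):
                        raise

                # find the guest views
                #search = Search("config/url")
                #urls = search.get_sobjects()
                #open_hashes = [x.get("url").lstrip("/").split("/")[0] for x in urls]

                link = "/%s" % "/".join(self.hash)

                # guest views: only a first hash element listed by the
                # site is resolved directly
                open_hashes = site_obj.get_guest_hashes()

                if len(self.hash) >= 1 and self.hash[0] in open_hashes:
                    web_wdg = HashPanelWdg.get_widget_from_hash(
                        link, return_none=True)
                else:
                    web_wdg = None

                # everything else goes to the /guest page, which receives
                # the requested link as an argument
                if not web_wdg:
                    web_wdg = HashPanelWdg.get_widget_from_hash(
                        "/guest", return_none=True, kwargs={"hash": link})
                if web_wdg:
                    if not isinstance(web_wdg, basestring):
                        web_wdg = web_wdg.get_buffer_display()
                    top.add(web_wdg)
            else:
                web_wdg = None
        finally:
            sudo.exit()

            if has_site:
                Site.pop_site()

        if not web_wdg:
            msg = "No default page defined for guest user. Please set up /guest in Custom URL."
            web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)
            return self.handle_not_logged_in(allow_change_admin=False)

        # create a web app and run it through the pipeline
        web_app = WebApp()
        web_app.get_display(widget)
        return

    # Full access

    # if a guest has full access, then handle it here
    if login_name == 'guest' and guest_mode == "full":
        # some extra security for guest users: when an allow list is
        # configured, the first hash element must match one entry exactly
        guest_url_allow = Config.get_value("security", "guest_url_allow")
        if guest_url_allow:
            items = guest_url_allow.split("|")
            url = self.hash[0] if self.hash else "index"
            allowed = any(item.strip("/") == url for item in items)
            if not allowed:
                return self.handle_not_logged_in()

    # Welcome message for first time run
    is_first_run = Environment.is_first_run()
    if is_first_run:
        from pyasm.widget import WebLoginWdg, BottomWdg
        top = self.get_top_wdg()

        from tactic.ui.app import PageHeaderWdg
        from tactic.ui.startup import DbConfigPanelWdg

        widget = DivWdg()
        widget.add(top)
        widget.add(DbConfigPanelWdg())
        widget.add(BottomWdg())

        web_app = WebApp()
        web_app.get_display(widget)
        return

    # handle licensing
    license = security.get_license()
    user_name = security.get_user_name()
    is_licensed = license.is_licensed()

    # handle url security: any html returned replaces the page
    url_security = UrlSecurity()
    html = url_security.get_display()
    if html:
        widget = Widget()
        widget.add(html.getvalue())
        widget.get_display()
        return

    web = WebContainer.get_web()

    # FIXME: although this works, it should be cleaned up

    # determine the type of request
    if '/UploadServer' in web.get_request_url().to_string():
        page_type = "upload"
    elif web.get_form_value("ajax") != "":
        page_type = "ajax"
    elif web.get_form_value("dynamic_file") != "":
        # this mode creates a file dynamically
        page_type = "dynamic_file"
    else:
        page_type = "normal"

    # TODO: the following could be combined into a page_init function
    # provide the opportunity to set some templates
    self.set_templates()
    self.add_triggers()

    self.init_web_container()

    # install the language
    Translation.install()

    # NOTE(review): no matching Site.pop_site() is visible in this method
    # for the set_site call below; confirm that this is intended.
    path_info = site_obj.get_request_path_info()
    if path_info and path_info.get("site") != "default":
        Site.set_site(path_info.get("site"))
        project_code = path_info.get("project_code")

    # handle the case where the project does not exist
    project = Project.get(no_exception=True)
    if not project:
        from pyasm.widget import BottomWdg, Error404Wdg
        Project.set_project("admin")
        widget = Widget()
        top = self.get_top_wdg()
        widget.add(top)
        widget.add(Error404Wdg())
        widget.add(BottomWdg())
        widget.get_display()
        # the only path that hands the widget back to the caller
        return widget

    # get the content of the page
    try:
        widget = self.get_content(page_type)
    except Exception as e:
        # Every failure is shown as a 403 page and only printed.
        # NOTE(review): this widget is displayed here and then passed to
        # WebApp below as well; confirm that the double display is
        # intended.
        print("ERROR: ", e)
        from pyasm.widget import BottomWdg, Error403Wdg
        widget = Widget()
        top = self.get_top_wdg()
        widget.add(top)
        widget.add(Error403Wdg())
        widget.add(BottomWdg())
        widget.get_display()

    # put an annoying alert if there is a problem with the license
    if not is_licensed:
        # to be sure, reread license. This gets around the problem
        # of the extra error message when uploading a new license
        license = security.reread_license()
        is_licensed = license.is_licensed()
        if not is_licensed:
            # Emit the message as an encoded JavaScript string literal:
            # a quote, newline or "</script>" in the text can then neither
            # break the alert nor end the script element early.
            message_js = json.dumps("%s" % license.get_message())
            message_js = message_js.replace("<", "\\u003c")
            widget.add("<script>alert(%s)</script>" % message_js)

    # create a web app and run it through the pipeline
    web_app = WebApp()
    web_app.get_display(widget)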
top = my.get_top_wdg() from tactic.ui.app import PageHeaderWdg from tactic.ui.startup import DbConfigPanelWdg widget = DivWdg() widget.add(top) widget.add(DbConfigPanelWdg()) widget.add(BottomWdg()) web_app = WebApp() web_app.get_display(widget) return # handle licensing license = security.get_license() user_name = security.get_user_name() is_licensed = license.is_licensed() # handle url security url_security = UrlSecurity() html = url_security.get_display() if html: widget = Widget() widget.add(html.getvalue()) widget.get_display() return web = WebContainer.get_web() # FIXME: although this works, it should be cleaned up
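def _get_display(self):
    """Run the login, project access and guest checks, then draw the page.

    Order of the checks:

    1. Guest access is allowed when the config value
       ``security/allow_guest`` is the string 'true'; the site's
       ``allow_guest()`` overrides it when it does not return None.
    2. ``handle_security()`` is run; an exception there leads to the
       login page.
    3. A user who is not logged in gets the login page, or is logged in
       as guest through ``handle_guest_security()`` when guests are
       allowed.
    4. Project access is checked, except for upload URLs and for the
       ``default`` project.
    5. A guest is served by the site's guest widget, by the restricted
       guest view, or in "full" mode after the
       ``security/guest_url_allow`` list is applied.
    6. First-run panel, ``UrlSecurity``, page type detection, the missing
       project page, page content and the license alert follow.

    Returns:
        The result of ``handle_not_logged_in()`` on the login paths, the
        Error404 widget when no project is found, otherwise None (the
        page is emitted through the ``get_display`` calls).
    """
    # set up the security object
    import json

    from pyasm.security import Security, Sudo
    from pyasm.biz import Project
    from pyasm.web import WebContainer
    web = WebContainer.get_web()

    # guest mode
    #
    # anything other than the string 'true' leaves guest access off
    allow_guest = Config.get_value("security", "allow_guest") == 'true'

    site_obj = Site.get()
    site_allow_guest = site_obj.allow_guest()
    if site_allow_guest is not None:
        # the site decides when it has an opinion
        allow_guest = site_allow_guest

    security = Security()
    try:
        security = self.handle_security(security)
        is_logged_in = security.is_logged_in()
    except Exception as e:
        # an authentication error is handled like a missing login
        print("AppServer Exception: ", e)
        return self.handle_not_logged_in()

    guest_mode = Config.get_value("security", "guest_mode")
    if not guest_mode:
        guest_mode = 'restricted'

    # Test
    #allow_guest = True
    #guest_mode = "full"

    # if not logged in, then log in as guest
    if not is_logged_in:
        if not allow_guest:
            return self.handle_not_logged_in()
        else:
            # login as guest
            security = Security()
            self.handle_guest_security(security)

    # for here on, the user is logged in
    login_name = Environment.get_user_name()

    # NOTE(review): substring test against the full request URL string.
    # When it matches, the project access check below is not run, so the
    # upload handler must authorise the request itself (confirm), and a
    # match on the path component alone would be stricter.
    is_upload = '/UploadServer' in web.get_request_url().to_string()

    # check if the user has permission to see this project
    project = web.get_context_name()
    if project == 'default':
        override_default = Project.get_default_project()
        if override_default:
            project = override_default
    if is_upload:
        print("IS UPLOAD")
        access = True

    elif project != 'default':

        # make sure the security check is done on the appropriate site
        path_info = site_obj.get_request_path_info()
        if path_info:
            site = path_info.get("site")
            Site.set_site(site)
            s = Environment.get_security()
            has_site = True
        else:
            s = security
            has_site = False

        try:
            security_version = get_security_version()
            if security_version == 1:
                # allow by default under version 1 rules
                default = "view"
                access = s.check_access("project", project, "view", default=default)
            else:
                # deny by default: the project code or "*" must be allowed
                default = "deny"
                key = { "code": project }
                key2 = { "code": "*" }
                keys = [key, key2]
                access = s.check_access("project", keys, "allow", default=default)
        finally:
            # restore the previous site whether or not the check raised
            if has_site:
                Site.pop_site()

    else:
        # you always have access to the default project
        access = True

    if not access:
        if login_name == "guest":
            from pyasm.widget import WebLoginWdg

            # An existing LOGIN_MSG form value wins over the default text.
            # NOTE(review): if that value can be supplied by the request,
            # the login widget must escape it on output.
            msg = web.get_form_value(WebLoginWdg.LOGIN_MSG)
            if not msg:
                msg = "User [%s] is not allowed to see this project [%s]" % (login_name, project)
                web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)
            return self.handle_not_logged_in(allow_change_admin=False)

        else:
            from pyasm.widget import BottomWdg, Error403Wdg
            widget = Widget()
            top = self.get_top_wdg()
            widget.add( top )
            widget.add( Error403Wdg() )
            widget.add( BottomWdg() )
            widget.get_display()
            # NOTE(review): dead branch as written; is_upload sets access
            # to True above, so this warning cannot be printed.
            if is_upload:
                print("WARNING: User [%s] is not allowed to upload to project [%s]."%(login_name, project))
            return

    if login_name == 'guest':
        # let the site handle the guest completely
        guest_wdg = site_obj.get_guest_wdg(self.hash)
        if guest_wdg:
            web_app = WebApp()
            web_app.get_display(guest_wdg)
            return

    # some extra precautions in guest mode
    if login_name == 'guest' and guest_mode != "full":
        # show a restricted guest mode
        from pyasm.widget import WebLoginWdg, BottomWdg
        from tactic.ui.app import TitleTopWdg

        from pyasm.biz import Project
        from tactic.ui.panel import HashPanelWdg
        web = WebContainer.get_web()

        widget = Widget()
        top = TitleTopWdg()
        widget.add(top)
        body = top.get_body()
        body.add_color("background", "background")
        body.add_color("color", "color")

        has_site = False

        # use the path to set the project and/or site
        path_info = site_obj.get_request_path_info()
        if path_info:
            path_site = path_info.get("site")

            try:
                Site.set_site(path_site)
                has_site = True
            except Exception as e:
                print("WARNING: ", e)
                current_project = web.get_context_name()
            else:
                current_project = path_info.get("project_code")
                if not current_project:
                    current_project = web.get_context_name()

        else:
            # get the project from the url because we are still
            # in the admin project at this stage
            current_project = web.get_context_name()

        # NOTE(review): the lookups below run inside Sudo, which
        # presumably suspends security checks (confirm); it is always
        # exited in the finally clause.
        sudo = Sudo()
        try:
            if current_project != "default":
                project = Project.get_by_code(current_project, use_cache=False)
                if not project:
                    raise Exception("Project [%s] does not exist" % current_project)
        except Exception as e:
            print("WARNING: ", e)
            web_wdg = None
        else:
            if not current_project or current_project == "default":
                current_project = Project.get_default_project()

            if current_project and current_project != "default":
                try:
                    Project.set_project(current_project)
                except SecurityException as e:
                    print(e)
                    # tolerate only the "not permitted to view" refusal
                    if 'is not permitted to view project' not in str(e):
                        raise

                # find the guest views
                #search = Search("config/url")
                #urls = search.get_sobjects()
                #open_hashes = [x.get("url").lstrip("/").split("/")[0] for x in urls]

                link = "/%s" % "/".join(self.hash)

                # guest views
                open_hashes = site_obj.get_guest_hashes()

                # the link is resolved directly only when its first
                # element is one of the site's guest hashes
                if len(self.hash) >= 1 and self.hash[0] in open_hashes:
                    web_wdg = HashPanelWdg.get_widget_from_hash(link, return_none=True)
                else:
                    web_wdg = None

                # otherwise the /guest page is used and gets the link
                if not web_wdg:
                    web_wdg = HashPanelWdg.get_widget_from_hash("/guest", return_none=True, kwargs={"hash": link})
                if web_wdg:
                    if not isinstance(web_wdg, basestring):
                        web_wdg = web_wdg.get_buffer_display()
                    top.add(web_wdg)
            else:
                web_wdg = None
        finally:
            sudo.exit()

            if has_site:
                Site.pop_site()

        if not web_wdg:
            msg = "No default page defined for guest user. Please set up /guest in Custom URL."
            web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)
            return self.handle_not_logged_in(allow_change_admin=False)

        # create a web app and run it through the pipeline
        web_app = WebApp()
        web_app.get_display(widget)
        return

    # Full access

    # if a guest has full access, then handle it here
    if login_name == 'guest' and guest_mode == "full":
        # some extra security for guest users
        guest_url_allow = Config.get_value("security", "guest_url_allow")
        if guest_url_allow:
            # entries are separated by "|" and compared, without their
            # surrounding slashes, to the first hash element
            items = guest_url_allow.split("|")
            url = self.hash[0] if self.hash else "index"
            allowed = any(item.strip("/") == url for item in items)
            if not allowed:
                return self.handle_not_logged_in()

    # Welcome message for first time run
    is_first_run = Environment.is_first_run()
    if is_first_run:
        from pyasm.widget import WebLoginWdg, BottomWdg
        top = self.get_top_wdg()

        from tactic.ui.app import PageHeaderWdg
        from tactic.ui.startup import DbConfigPanelWdg

        widget = DivWdg()
        widget.add( top )
        widget.add( DbConfigPanelWdg() )
        widget.add( BottomWdg() )

        web_app = WebApp()
        web_app.get_display(widget)
        return

    # handle licensing
    license = security.get_license()
    user_name = security.get_user_name()
    is_licensed = license.is_licensed()

    # handle url security
    url_security = UrlSecurity()
    html = url_security.get_display()
    if html:
        # whatever UrlSecurity produced is shown instead of the page
        widget = Widget()
        widget.add(html.getvalue())
        widget.get_display()
        return

    web = WebContainer.get_web()

    # FIXME: although this works, it should be cleaned up

    # determine the type of request
    if '/UploadServer' in web.get_request_url().to_string():
        page_type = "upload"
    elif web.get_form_value("ajax") != "":
        page_type = "ajax"
    elif web.get_form_value("dynamic_file") != "":
        # this mode creates a file dynamically
        page_type = "dynamic_file"
    else:
        page_type = "normal"

    # TODO: the following could be combined into a page_init function
    # provide the opportunity to set some templates
    self.set_templates()
    self.add_triggers()

    self.init_web_container()

    # install the language
    Translation.install()

    # NOTE(review): this set_site call has no visible Site.pop_site()
    # counterpart in the method; confirm that this is deliberate.
    path_info = site_obj.get_request_path_info()
    if path_info and path_info.get("site") != "default":
        Site.set_site(path_info.get("site"))
        project_code = path_info.get("project_code")

    # handle the case where the project does not exist
    project = Project.get(no_exception=True)
    if not project:
        from pyasm.widget import BottomWdg, Error404Wdg
        Project.set_project("admin")
        widget = Widget()
        top = self.get_top_wdg()
        widget.add( top )
        widget.add( Error404Wdg() )
        widget.add( BottomWdg() )
        widget.get_display()
        # unlike the other exits, this one returns the widget
        return widget

    # get the content of the page
    try:
        widget = self.get_content(page_type)
    except Exception as e:
        # Any failure becomes a 403 page; the cause is only printed.
        # NOTE(review): the fallback widget is displayed here and again
        # by WebApp at the end of the method; confirm this is wanted.
        print("ERROR: ", e)
        from pyasm.widget import BottomWdg, Error403Wdg
        widget = Widget()
        top = self.get_top_wdg()
        widget.add( top )
        widget.add( Error403Wdg() )
        widget.add( BottomWdg() )
        widget.get_display()

    # put an annoying alert if there is a problem with the license
    if not is_licensed:
        # to be sure, reread license. This gets around the problem
        # of the extra error message when uploading a new license
        license = security.reread_license()
        is_licensed = license.is_licensed()
        if not is_licensed:
            # The message goes into an inline script, so it is written as
            # an encoded JavaScript string literal: quotes, newlines and
            # "</script>" in the text stay data instead of markup.
            message_js = json.dumps("%s" % license.get_message())
            message_js = message_js.replace("<", "\\u003c")
            widget.add("<script>alert(%s)</script>" % message_js)

    # create a web app and run it through the pipeline
    web_app = WebApp()
    web_app.get_display(widget)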