コード例 #1
0
ファイル: __init__.py プロジェクト: replaceafill/pyramid
def forbidden_view(context, request):
    msg = context.message
    result = context.result
    message = msg + "\n" + str(result)
    resp = HTTPForbidden()
    resp.body = bytes_(message)
    return resp
コード例 #2
0
ファイル: __init__.py プロジェクト: firemyst/pyramid
def forbidden_view(context, request):
     msg = context.message
     result = context.result
     message = msg + '\n' + str(result)
     resp = HTTPForbidden()
     resp.body = message
     return resp
コード例 #3
0
ファイル: base.py プロジェクト: awoland/ichnaea
        def closure(request, *args, **kwargs):
            api_key = request.GET.get('key', None)
            raven_client = request.registry.raven_client
            stats_client = request.registry.stats_client

            if api_key is None:
                stats_client.incr('%s.no_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()

            session = request.db_ro_session
            try:
                result = session.execute(API_CHECK.bindparams(api_key=api_key))
                found_key = result.fetchone()
            except Exception:  # pragma: no cover
                # if we cannot connect to backend DB, skip api key check
                raven_client.captureException()
                stats_client.incr('%s.dbfailure_skip_api_key' % func_name)
                return func(request, *args, **kwargs)

            if found_key is not None:
                maxreq, api_key_log, shortname = found_key
                if not shortname:  # pragma: no cover
                    shortname = api_key

                # remember api key and shortname on the request
                request.api_key_log = bool(api_key_log)
                request.api_key_name = shortname

                stats_client.incr('%s.api_key.%s' % (func_name, shortname))
                should_limit = rate_limit(request.registry.redis_client,
                                          api_key, maxreq=maxreq)
                if should_limit:
                    result = HTTPForbidden()
                    result.content_type = 'application/json'
                    result.body = DAILY_LIMIT
                    return result
                elif should_limit is None:  # pragma: no cover
                    # We couldn't connect to Redis
                    stats_client.incr('%s.redisfailure_skip_limit' % func_name)
            else:
                stats_client.incr('%s.unknown_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()

                # provide the same api log/name attributes
                request.api_key_log = False
                request.api_key_name = None

            return func(request, *args, **kwargs)
コード例 #4
0
ファイル: base.py プロジェクト: abhinavanurag18/ichnaea
        def closure(request, *args, **kwargs):
            api_key = request.GET.get('key', None)
            heka_client = get_heka_client()
            stats_client = request.registry.stats_client

            if api_key is None:
                stats_client.incr('%s.no_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()

            session = request.db_slave_session
            try:
                result = session.execute(API_CHECK.bindparams(api_key=api_key))
                found_key = result.fetchone()
            except Exception:
                # if we cannot connect to backend DB, skip api key check
                heka_client.raven(RAVEN_ERROR)
                stats_client.incr('%s.dbfailure_skip_api_key' % func_name)
                return func(request, *args, **kwargs)

            if found_key is not None:
                maxreq, shortname = found_key
                if not shortname:
                    shortname = api_key
                stats_client.incr('%s.api_key.%s' % (func_name, shortname))
                should_limit = rate_limit(request.registry.redis_client,
                                          api_key, maxreq=maxreq)
                if should_limit:
                    result = HTTPForbidden()
                    result.content_type = 'application/json'
                    result.body = DAILY_LIMIT
                    return result
                elif should_limit is None:
                    # We couldn't connect to Redis
                    stats_client.incr('%s.redisfailure_skip_limit' % func_name)
            else:
                stats_client.incr('%s.unknown_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()

            return func(request, *args, **kwargs)
コード例 #5
0
 def get_target_user_table(self, target: str) -> Optional[UserTable]:
     if not target or "@" not in target:
         return None
     if target == self.request.user.email:
         target_user = self.request.user
     else:
         target_user = DBSession.query(User).filter(
             User.email == target).one()
     if (target_user not in self.context.lecture_resource.dossier_resource.
             dossier.team.users):
         raise HTTPForbidden("Transfert non autorisé")
     return target_user.table_for(self.lecture)
コード例 #6
0
ファイル: layers.py プロジェクト: vicb/c2cgeoportal
 def security_cb(r, o):
     geom_attr = getattr(o, _get_geom_col_info(layer)[0])
     allowed = DBSession.query(
         RestrictionArea.area.collect.gcontains(geom_attr))
     allowed = allowed.join(RestrictionArea.roles)
     allowed = allowed.join(RestrictionArea.layers)
     allowed = allowed.filter(RestrictionArea.area.area > 0)
     allowed = allowed.filter(RestrictionArea.readwrite == True)
     allowed = allowed.filter(Role.id == request.user.role.id)
     allowed = allowed.filter(Layer.id == layer.id).scalar()
     if not allowed:
         raise HTTPForbidden()
コード例 #7
0
ファイル: tinyowsproxy.py プロジェクト: pfirpfel/c2cgeoportal
    def proxy(self):
        if self.user is None:
            raise HTTPUnauthorized(
                "Authentication required",
                headers=[("WWW-Authenticate", 'Basic realm="TinyOWS"')]
            )

        operation = self.lower_params.get("request")
        typenames = \
            set([normalize_typename(self.lower_params.get("typename"))]) \
            if "typename" in self.lower_params \
            else set()

        method = self.request.method
        if method == "POST":
            try:
                (operation, typenames_post) = \
                    self._parse_body(self.request.body)
            except Exception as e:
                log.error("Error while parsing POST request body")
                log.exception(e)
                raise HTTPBadRequest(
                    "Error parsing the request (see logs for more details)")

            typenames = typenames.union(typenames_post)

        if operation is None or operation == "":
            operation = "getcapabilities"

        if operation == "describefeaturetype":
            # for DescribeFeatureType we require that exactly one type-name
            # is given, otherwise we would have to filter the result
            if len(typenames) != 1:
                raise HTTPBadRequest(
                    "Exactly one type-name must be given for "
                    "DescribeFeatureType requests"
                )

        if not self._is_allowed(typenames):
            raise HTTPForbidden(
                "No access rights for at least one of the given type-names"
            )

        # we want clients to cache GetCapabilities and DescribeFeatureType req.
        use_cache = method == "GET" and operation in ("getcapabilities", "describefeaturetype")
        cache_control = PRIVATE_CACHE if use_cache else NO_CACHE

        response = self._proxy_callback(
            operation, self.role_id, cache_control,
            url=self._get_wfs_url(), params=dict(self.request.params), cache=use_cache,
            headers=self._get_headers(), body=self.request.body,
        )
        return response
コード例 #8
0
def get_and_check_subscription(request, company, guid):
    """Get and check permission to access a subscription

    """
    model = SubscriptionModel(request.session)
    subscription = model.get(guid)
    if subscription is None:
        raise HTTPNotFound('No such subscription {}'.format(guid))
    if subscription.customer.company_guid != company.guid:
        raise HTTPForbidden('You have no permission to access subscription {}'
                            .format(guid))
    return subscription
コード例 #9
0
def import_file(request, oid, data, properties):
    """Import document from outer ZFiles database through RPC"""
    container = get_utility(IDocumentContainer)
    if not request.has_permission(CREATE_DOCUMENT_WITH_OWNER_PERMISSION,
                                  context=container):
        raise HTTPForbidden()
    if isinstance(data, Binary):
        data = data.data
    else:
        data = base64.b64decode(data)
    document = container.import_document(oid, data, properties, request)
    return document.oid
コード例 #10
0
 def __init__(self, context, request):
     if request.authenticated_userid is None:
         token = getattr(context, 'pw_token', None)
         rtoken = request.GET.get('t', object())
         if token == rtoken and token.valid:
             super(UserChangePasswordForm, self).__init__(context, request)
             return
     else:
         if request.has_permission(security.PERM_EDIT):
             super(UserChangePasswordForm, self).__init__(context, request)
             return
     raise HTTPForbidden(_("Not allowed"))
コード例 #11
0
def package_versions(context, request):
    """ Render the links for all versions of a package """
    normalized_name = request.db.normalize_name(context.name)

    pkgs = request.db.all(normalized_name)
    if request.registry.use_fallback and not pkgs:
        redirect_url = "%s/%s/" % (request.registry.fallback_url.rstrip('/'),
                                   context.name)
        return HTTPFound(location=redirect_url)
    if not request.access.has_permission(normalized_name, 'read'):
        raise HTTPForbidden()
    return {'pkgs': pkgs}
コード例 #12
0
 def __init__(self, context, request):
     buttons = []
     if request.has_permission(EDIT_COMMENT, context):
         buttons.append(self.button_save)
     if request.has_permission(DELETE_COMMENT, context):
         buttons.append(self.button_delete)
     if not buttons:
         raise HTTPForbidden(
             _("You're not allowed to edit or delete this comment"))
     buttons.append(self.button_cancel)
     self.buttons = buttons
     super(EditCommentForm, self).__init__(context, request)
コード例 #13
0
    def tinfo(self):
        tname = self.request.params.get('tname', None)
        if not tname:
            raise HTTPNotFound()
        tinfo = ptah.resolve('type:%s' % tname)

        if not tinfo:
            raise HTTPNotFound()
        if not tinfo in self.context.__type__.list_types(self.context):
            raise HTTPForbidden()

        return tinfo
コード例 #14
0
def forbid_local_only(container):
    # type: (AnySettingsContainer) -> Any
    """
    Raises an HTTP exception forbidding to resume the operation if invalid configuration is detected.
    """
    config = get_weaver_configuration(container)
    if config not in WEAVER_CONFIGURATIONS_REMOTE:
        raise HTTPForbidden(json={
            "description":
                "Invalid provider operation on [{}] instance. "
                "Processes requires unsupported remote execution.".format(config),
        })
コード例 #15
0
def csrf_check(context, request):
    """
    Checks for csrf validation explicitly from POSTed data.
    """
    if request.method == "POST":
        token = request.POST.get("_csrf", None)
        # if we don't have it in normal POST, and this is ajax,
        # check in json encoded body.
        if not token and request.is_xhr:
            token = request.json_body.get("_csrf", None)
        if not token or token != request.session.get_csrf_token():
            raise HTTPForbidden("CSRF token is missing or invalid")
コード例 #16
0
 def ticket_claim(self):
     """ After login or registration, redirect back here, where information about the ticket will be displayed,
         and a confirmation that you want to use the ticket for the current user.
         
         While we use a regular deform form, it's not ment to be displayed or handle any validation.
     """
     if not self.request.authenticated_userid:
         raise HTTPForbidden(
             "Direct access to this view for unauthorized users not allowed."
         )
     email = self.request.GET.get('email', '')
     ticket = self.context.invite_tickets.get(email, None)
     if ticket and ticket.closed != None:
         msg = _("This ticket has already been used.")
         self.flash_messages.add(msg,
                                 type='danger',
                                 auto_destruct=True,
                                 require_commit=False)
         return HTTPFound(location=self.request.resource_url(self.context))
     schema = get_content_schemas(
         self.request.registry)['Meeting']['claim_ticket']()
     schema = schema.bind(context=self.context,
                          request=self.request,
                          view=self)
     form = deform.Form(schema, buttons=(
         button_add,
         button_cancel,
     ))
     if self.request.GET.get('claim'):
         controls = self.request.params.items()
         try:
             appstruct = form.validate(controls)
         except deform.ValidationFailure, e:
             msg = _(
                 "ticket_validation_fail",
                 default="Ticket validation failed. Either the "
                 "ticket doesn't exist, was already used or the url used improperly. "
                 "If you need help, please contact the moderator that invited you to this meeting."
             )
             self.flash_messages.add(msg,
                                     type='danger',
                                     auto_destruct=False,
                                     require_commit=False)
             url = self.request.resource_url(self.root)
             return HTTPFound(location=url)
         #Everything in order, claim ticket
         ticket = self.context.invite_tickets[appstruct['email']]
         claim_ticket(ticket, self.request,
                      self.request.authenticated_userid)
         self.flash_messages.add(
             _(u"You've been granted access to the meeting. Welcome!"))
         url = self.request.resource_url(self.context)
         return HTTPFound(location=url)
コード例 #17
0
ファイル: views.py プロジェクト: alaski/Feed2RSS
def delete_feed(request):
    user_name = request.matchdict['user']
    logged_in = authenticated_userid(request)
    if user_name != logged_in:
        return HTTPForbidden()

    user = User.get_by_screen_name(user_name)
    feed = Feed.get_by_userid_and_name(user.id, request.matchdict['feedname'])
    if feed is not None:
        DBSession.delete(feed)

    return Response()
コード例 #18
0
def forbidden_view(request):
    """Called when a user has been denied access to a resource or view.

      Setup::

          >>> from mock import Mock
          >>> from pyramid_simpleauth import view
          >>> _unauthenticated_userid = view.unauthenticated_userid
          >>> view.unauthenticated_userid = Mock()
          >>> mock_request = Mock()
          >>> mock_request.path = '/forbidden/page'
          >>> mock_request.route_url.return_value = 'http://foo.com/login'

      If the user is already logged in, it means they don't have the requisit
      permission, so we raise a 403 Forbidden error::

          >>> view.unauthenticated_userid.return_value = 1234
          >>> response = forbidden_view(mock_request)
          >>> response.status
          '403 Forbidden'

      Otherwise we redirect to the login page::

          >>> view.unauthenticated_userid.return_value = None
          >>> response = forbidden_view(mock_request)
          >>> kwargs = {
          ...     '_query': [('next', '/forbidden/page'),],
          ...     'traverse': ('login',)
          ... }
          >>> mock_request.route_url.assert_called_with('simpleauth', **kwargs)
          >>> response.location
          'http://foo.com/login'
          >>> response.status
          '302 Found'

      Teardown::

          >>> view.unauthenticated_userid = _unauthenticated_userid

    """

    if unauthenticated_userid(request):
        return HTTPForbidden()

    query = {'next': request.path}
    username_param = validate_username_param(request)
    if username_param:
        query['username'] = username_param

    url = request.route_url('simpleauth',
                            traverse=('login', ),
                            _query=query.items())
    return HTTPFound(location=url)
コード例 #19
0
ファイル: manage.py プロジェクト: soenkehahn/substanced
 def manage_main(self):
     request = self.request
     view_data = self.sdi_mgmt_views(self.context, request)
     if not view_data:
         request.session['came_from'] = request.url
         raise HTTPForbidden(
             location=request.sdiapi.mgmt_path(request.root, '@@login')
             )
     view_name = '@@%s' % (view_data[0]['view_name'],)
     return HTTPFound(
         location=request.sdiapi.mgmt_path(request.context, view_name)
         )
コード例 #20
0
def upload_file(request, data, properties):
    """Create new document through RPC"""
    container = get_utility(IDocumentContainer)
    if not request.has_permission(CREATE_DOCUMENT_PERMISSION,
                                  context=container):
        raise HTTPForbidden()
    if isinstance(data, Binary):
        data = data.data
    else:
        data = base64.b64decode(data)
    document = container.add_document(data, properties, request)
    return document.oid
コード例 #21
0
def cached_view_audit_self(context, request):
    source = context.model.source
    allowed = set(source['principals_allowed']['audit'])
    if allowed.isdisjoint(request.effective_principals):
        raise HTTPForbidden()
    path = source['object']['@id']
    return {
        '@id':
        path,
        'audit':
        [a for a in chain(*source['audit'].values()) if a['path'] == path],
    }
コード例 #22
0
def check(request, remote_addr):

    try:
        query = request.dbsession.query(
            banlist)  # Checks if the ip is in banlist
        records = query.filter(banlist.ip == remote_addr).all()

    except DBAPIError:
        return Response(db_err_msg, content_type='text/plain', status=500)

    if remote_addr in records:
        return (HTTPForbidden())
コード例 #23
0
ファイル: user_profile.py プロジェクト: millerf/v6_api
    def put(self):
        if not self.request.has_permission('moderator'):
            # moderators can change the profile of every user
            if self.request.authenticated_userid != \
                    self.request.validated['id']:
                # but a normal user can only change its own profile
                raise HTTPForbidden(
                    'No permission to change this user profile')

        self._reset_title()

        return self._put(UserProfile, schema_internal_user_profile)
コード例 #24
0
def post_upload(context, request):
    properties = context.upgrade_properties()
    if properties['status'] not in ('uploading', 'upload failed'):
        raise HTTPForbidden(
            'status must be "uploading" to issue new credentials')

    accession_or_external = properties.get(
        'accession') or properties['external_accession']
    external = context.propsheets.get('external', None)

    if external is None:
        # Handle objects initially posted as another state.
        bucket = request.registry.settings['file_upload_bucket']
        uuid = context.uuid
        mapping = context.schema['file_format_file_extension']
        file_extension = mapping[properties['file_format']]
        date = properties['date_created'].split('T')[0].replace('-', '/')
        key = '{date}/{uuid}/{accession_or_external}{file_extension}'.format(
            accession_or_external=accession_or_external,
            date=date,
            file_extension=file_extension,
            uuid=uuid,
            **properties)
    elif external.get('service') == 's3':
        bucket = external['bucket']
        key = external['key']
    else:
        raise ValueError(external.get('service'))

    name = 'up{time:.6f}-{accession_or_external}'.format(
        accession_or_external=accession_or_external,
        time=time.time(),
        **properties)[:32]  # max 32 chars
    profile_name = request.registry.settings.get('file_upload_profile_name')
    creds = external_creds(bucket, key, name, profile_name)

    new_properties = None
    if properties['status'] == 'upload failed':
        new_properties = properties.copy()
        new_properties['status'] = 'uploading'

    registry = request.registry
    registry.notify(BeforeModified(context, request))
    context.update(new_properties, {'external': creds})
    registry.notify(AfterModified(context, request))

    rendered = request.embed('/%s/@@object' % context.uuid, as_user=True)
    result = {
        'status': 'success',
        '@type': ['result'],
        '@graph': [rendered],
    }
    return result
コード例 #25
0
def create_view(request):
    if not request.user:
        return HTTPForbidden()

    entry = Entry()
    form = EntryCreateForm(request.POST)
    if request.method == 'POST' and form.validate():
        form.populate_obj(entry)
        entry.author = request.user
        DBSession.add(entry)
        return HTTPFound(location=request.route_url('home'))
    return {'form': form, 'cancel': request.route_url('home')}
コード例 #26
0
def add_entry(request):
    if request.authenticated_userid:
        if request.method == 'POST':
            try:
                Entry.from_request(request)
            except psycopg2.Error:
                # this will catch any errors generated by the database
                return HTTPInternalServerError()
            entry = Entry.desc_new()
            return entry.json_detail()
    else:
        return HTTPForbidden()
コード例 #27
0
def forbidden_view(request):
    """Called when a user has been denied access to a resource or view.  
      
      If the user is already logged in, it means they don't have the requisit
      permission, so we raise a 403 Forbidden error.  Otherwise we redirect
      to the login page.
    """

    if authenticated_userid(request):
        return HTTPForbidden()
    url = request.route_url('login', _query=(('next', request.path), ))
    return HTTPFound(location=url)
コード例 #28
0
def validate_credentials(email, password):
    """
    Validates email and password against database returning a token dictionary.

        Parameters:
            email (str): email to log in with
            password (str): Password to log in with

        Response:
            token (dict): Dictionary token (JWT)
    """
    try:
        query = """
            SELECT
                u.id 
                , json_build_object(
                    'id', u.id,
                    'username', u.username,
                    'first', u.first_name,
                    'last', u.last_name,
                    'email', u.email,
                    'photo', u.photo,
                    'guest', u.guest
                ) as user
            from pp.users u
            where u.email = %s
                and u.guest = false
                and u.date_deleted is null
                and u.temp is null
                and encode(digest(%s||u.salt, 'sha256'), 'hex')=u.password;
        """
        result = execute_query(datasource="db/pillpool",
                               query=query,
                               db_params=[email, password])
        if result:
            return result[0]
        else:
            raise HTTPForbidden("Invalid Username or Password.")
    except:
        raise HTTPForbidden("Invalid Username or Password.")
コード例 #29
0
ファイル: layers.py プロジェクト: maltaesousa/c2cgeoportal
    def _proto_read(self, layer: "main.Layer") -> FeatureCollection:
        """ Read features for the layer based on the self.request. """
        from c2cgeoportal_commons.models.main import (  # pylint: disable=import-outside-toplevel
            Layer, RestrictionArea, Role,
        )

        proto = self._get_protocol_for_layer(layer)
        if layer.public:
            return proto.read(self.request)
        user = self.request.user
        if user is None:
            raise HTTPForbidden()
        cls = proto.mapped_class
        geom_attr = proto.geom_attr
        ras = models.DBSession.query(RestrictionArea.area,
                                     RestrictionArea.area.ST_SRID())
        ras = ras.join(RestrictionArea.roles)
        ras = ras.join(RestrictionArea.layers)
        ras = ras.filter(Role.id.in_(get_roles_id(self.request)))
        ras = ras.filter(Layer.id == layer.id)
        collect_ra = []
        use_srid = -1
        for ra, srid in ras.all():
            if ra is None:
                return proto.read(self.request)
            use_srid = srid
            collect_ra.append(to_shape(ra))
        if not collect_ra:
            raise HTTPForbidden()

        filter1_ = create_filter(self.request, cls, geom_attr)
        ra = cascaded_union(collect_ra)
        filter2_ = ga_func.ST_Contains(from_shape(ra, use_srid),
                                       getattr(cls, geom_attr))
        filter_ = filter2_ if filter1_ is None else and_(filter1_, filter2_)

        feature = proto.read(self.request, filter=filter_)
        if isinstance(feature, HTTPException):
            raise feature  # pylint: disable=raising-non-exception
        return feature
コード例 #30
0
ファイル: base.py プロジェクト: thebent/ichnaea
        def closure(request, *args, **kwargs):
            raven_client = request.registry.raven_client
            stats_client = request.registry.stats_client

            api_key = None
            api_key_text = request.GET.get('key', None)

            if api_key_text is None:
                stats_client.incr('%s.no_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()
            try:
                api_key = ApiKey.getkey(request.db_ro_session, api_key_text)
            except Exception:  # pragma: no cover
                # if we cannot connect to backend DB, skip api key check
                raven_client.captureException()
                stats_client.incr('%s.dbfailure_skip_api_key' % func_name)

            if api_key is not None:
                stats_client.incr('%s.api_key.%s' % (func_name, api_key.name))
                should_limit = rate_limit(request.registry.redis_client,
                                          api_key_text, maxreq=api_key.maxreq)
                if should_limit:
                    response = HTTPForbidden()
                    response.content_type = 'application/json'
                    response.body = DAILY_LIMIT
                    return response
                elif should_limit is None:  # pragma: no cover
                    # We couldn't connect to Redis
                    stats_client.incr('%s.redisfailure_skip_limit' % func_name)
            else:
                stats_client.incr('%s.unknown_api_key' % func_name)
                if error_on_invalidkey:
                    return invalid_api_key_response()

            # If we failed to look up an ApiKey, create an empty one
            # rather than passing None through
            api_key = api_key or ApiKey()

            return func(request, api_key, *args, **kwargs)
コード例 #31
0
ファイル: layers.py プロジェクト: csu-xiao-an/c2cgeoportal
    def create(self):
        set_common_headers(self.request, "layers", NO_CACHE)

        if self.request.user is None:
            raise HTTPForbidden()

        self.request.response.cache_control.no_cache = True

        layer = self._get_layer_for_request()

        def check_geometry(_, feature, obj):
            del obj  # unused
            geom = feature.geometry
            if geom and not isinstance(geom, geojson.geometry.Default):
                shape = asShape(geom)
                srid = self._get_geom_col_info(layer)[1]
                spatial_elt = from_shape(shape, srid=srid)
                allowed = models.DBSession.query(func.count(
                    RestrictionArea.id))
                allowed = allowed.join(RestrictionArea.roles)
                allowed = allowed.join(RestrictionArea.layers)
                allowed = allowed.filter(RestrictionArea.readwrite.is_(True))
                allowed = allowed.filter(
                    Role.id.in_([r.id for r in self.request.user.roles]))
                allowed = allowed.filter(Layer.id == layer.id)
                allowed = allowed.filter(
                    or_(RestrictionArea.area.is_(None),
                        RestrictionArea.area.ST_Contains(spatial_elt)))
                if allowed.scalar() == 0:
                    raise HTTPForbidden()

                # check if geometry is valid
                if self._get_validation_setting(layer):
                    self._validate_geometry(spatial_elt)

        protocol = self._get_protocol_for_layer(layer,
                                                before_create=check_geometry)
        try:
            features = protocol.create(self.request)
            for feature in features.features:
                self._log_last_update(layer, feature)
            return features
        except TopologicalError as e:
            self.request.response.status_int = 400
            return {"error_type": "validation_error", "message": str(e)}
        except exc.IntegrityError as e:
            log.error(str(e))
            self.request.response.status_int = 400
            return {
                "error_type": "integrity_error",
                "message": str(e.orig.diag.message_primary)
            }
コード例 #32
0
ファイル: replica.py プロジェクト: Tarea3Operativos/tarea3app
    def get_changes(self):
        # this method is called from all replica servers
        # and either returns changelog entry content for {serial} or,
        # if it points to the "next" serial, will block and wait
        # until that serial is committed.  However, after
        # MAX_REPLICA_BLOCK_TIME, we return 202 Accepted to indicate
        # the replica should try again.  The latter has two benefits:
        # - nginx' timeout would otherwise return 504 (Gateway Timeout)
        # - if the replica is not waiting anymore we would otherwise
        #   never time out here, leading to more and more threads
        # if no commits happen.

        if not self.xom.is_master():
            raise HTTPForbidden("Replication protocol disabled")
        expected_uuid = self.request.headers.get(H_EXPECTED_MASTER_ID, None)
        master_uuid = self.xom.config.get_master_uuid()
        # we require the header but it is allowed to be empty
        # (during initialization)
        if expected_uuid is None:
            msg = "replica sent no %s header" % H_EXPECTED_MASTER_ID
            threadlog.error(msg)
            raise HTTPBadRequest(msg)

        if expected_uuid and expected_uuid != master_uuid:
            threadlog.error("expected %r as master_uuid, replica sent %r",
                            master_uuid, expected_uuid)
            raise HTTPBadRequest(
                "expected %s as master_uuid, replica sent %s" %
                (master_uuid, expected_uuid))

        serial = self.request.matchdict["serial"]

        with self.update_replica_status(serial):
            keyfs = self.xom.keyfs
            if serial.lower() == "nop":
                raw_entry = b""
            else:
                try:
                    serial = int(serial)
                except ValueError:
                    raise HTTPNotFound("serial needs to be int")
                raw_entry = self._wait_for_entry(serial)

            devpi_serial = keyfs.get_current_serial()
            r = Response(body=raw_entry,
                         status=200,
                         headers={
                             str("Content-Type"):
                             str("application/octet-stream"),
                             str("X-DEVPI-SERIAL"): str(devpi_serial),
                         })
            return r
コード例 #33
0
ファイル: base_edit.py プロジェクト: zhangqiang99/voteit.core
 def add_form(self):
     content_type = self.request.params.get('content_type')
     tag = self.request.GET.get('tag', None)
     #Permission check
     add_permission = self.api.content_types_add_perm(content_type)
     if not has_permission(add_permission, self.context, self.request):
         raise HTTPForbidden(
             "You're not allowed to add '%s' in this context." %
             content_type)
     factory = self.api.get_content_factory(content_type)
     schema_name = self.api.get_schema_name(content_type, 'add')
     schema = createSchema(schema_name).bind(context=self.context,
                                             request=self.request,
                                             api=self.api)
     form = Form(schema, buttons=(button_add, button_cancel))
     self.api.register_form_resources(form)
     if content_type == 'AgendaItem':
         self.response['tabs'] = self.api.render_single_view_component(
             self.context, self.request, 'tabs', 'manage_agenda')
     post = self.request.POST
     if 'add' in post:
         controls = post.items()
         try:
             #appstruct is deforms convention. It will be the submitted data in a dict.
             appstruct = form.validate(controls)
         except ValidationFailure, e:
             self.response['form'] = e.render()
             return self.response
         kwargs = {}
         kwargs.update(appstruct)
         if self.api.userid:
             kwargs['creators'] = [self.api.userid]
         obj = createContent(content_type, **kwargs)
         name = self.generate_slug(obj.title)
         self.context[name] = obj
         self.api.flash_messages.add(_(u"Successfully added"))
         #Success, redirect
         url = self.request.resource_url(obj)
         #Polls might have a special redirect action if the poll plugin has a settings schema:
         if content_type == 'Poll':
             if obj.get_poll_plugin().get_settings_schema() is not None:
                 url += 'poll_config'
             else:
                 url = self.request.resource_url(obj.__parent__,
                                                 anchor=obj.uid)
             msg = _(
                 u"private_poll_info",
                 default=
                 u"The poll is created in private state, to show it the participants you have to change the state to upcoming."
             )
             self.api.flash_messages.add(msg)
         return HTTPFound(location=url)
コード例 #34
0
ファイル: views.py プロジェクト: annndrey/npui
def client_issue_list(ctx, req):
    cfg = req.registry.settings
    if not asbool(cfg.get('netprofile.client.ticket.enabled', True)):
        raise HTTPForbidden(detail=_('Issues view is disabled'))
    sess = DBSession()
    ent = req.user.parent
    q = sess.query(Ticket)\
     .filter(Ticket.entity == ent, Ticket.show_client == True)\
     .order_by(Ticket.creation_time.desc())
    tpldef = {'sess': DBSession(), 'tickets': q.all()}
    req.run_hook('access.cl.tpldef', tpldef, req)
    req.run_hook('access.cl.tpldef.issue.list', tpldef, req)
    return tpldef
コード例 #35
0
ファイル: contentbase.py プロジェクト: edwong57/sgd_metadata
def traversal_security(event):
    """ Check traversal was permitted at each step
    """
    request = event.request
    traversed = reversed(list(lineage(request.context)))
    # Required to view the root page as anonymous user
    # XXX Needs test once login based browser tests work.
    next(traversed)  # Skip root object
    for resource in traversed:
        result = has_permission('traverse', resource, request)
        if not result:
            msg = 'Unauthorized: traversal failed permission check'
            raise HTTPForbidden(msg, result=result)
コード例 #36
0
ファイル: agegroups.py プロジェクト: OpenCIOC/onlineresources
def make_403_error(message, realm='CIOC RPC'):
	error = HTTPForbidden()
	error.content_type = "text/plain"
	error.text = message
	return error
コード例 #37
0
ファイル: exceptions.py プロジェクト: eugeneai/recms
 def __init__(self):
     HTTPForbidden.__init__(self, "CSRF attempt suspected.")
コード例 #38
0
ファイル: base.py プロジェクト: mrthomas108/ichnaea
 def forbidden(self):
     response = HTTPForbidden()
     response.content_type = 'application/json'
     response.body = DAILY_LIMIT
     return response