def post(self, filename=None):
    """Handle a POST that creates or changes a PackageInfo.

    Checks run in a fixed order before any parameter is acted on: the caller
    must hold the UPLOAD permission (403 otherwise), then the submitted
    ``xsrf_token`` must validate (400 otherwise).

    Args:
      filename: URL-quoted package filename, or None/empty when the request
          is not about one existing package. It is passed through
          urllib.unquote before being used as the PackageInfo key name.
    """
    if not auth.HasPermission(auth.UPLOAD):
        self.error(403)
        self.response.out.write('Access Denied for current user')
        return

    # The XSRF action depends only on whether a filename was supplied, so a
    # token is scoped to 'package' or 'packages', not to one specific file.
    submitted_token = self.request.get('xsrf_token', None)
    xsrf_action = 'package' if filename else 'packages'
    if not xsrf.XsrfTokenValidate(submitted_token, xsrf_action):
        self.error(400)
        self.Render(
            'error.html',
            {'message': 'Invalid XSRF token. Please refresh and retry.'})
        return

    if not filename:
        # Without a filename the only supported operation is creating a new
        # PackageInfo from a submitted plist; anything else is a 404.
        if self.request.get('new_pkginfo_plist'):
            self.UpdatePackageInfoFromPlist(create_new=True)
        else:
            self.error(404)
        return

    filename = urllib.unquote(filename)

    # A plist submission is handed to UpdatePackageInfoFromPlist and nothing
    # else in this handler runs for it.
    if self.request.get('new_pkginfo_plist'):
        self.UpdatePackageInfoFromPlist()
        return

    # Every remaining action needs an entity that already exists.
    pkginfo = models.PackageInfo.get_by_key_name(filename)
    if not pkginfo:
        self.error(404)
        # NOTE(review): filename is request-derived; this relies on the
        # error.html template escaping 'message' -- confirm autoescaping.
        self.Render(
            'error.html',
            {'message': 'PackageInfo not found: %s' % filename})
        return

    param = self.request.get
    if param('delete') == '1':
        self._DeletePackage(pkginfo, filename)
    elif param('submit', None) == 'save':
        self.UpdatePackageInfo(pkginfo)
    elif param('unlock') == '1':
        self._UnlockPackage(pkginfo, filename)
    elif param('approve') == '1':
        # NOTE(review): with no proposal in flight this branch produces no
        # error and no output -- confirm the silent no-op is intended.
        if pkginfo.proposal.proposal_in_flight:
            self._ApproveProposal(pkginfo, filename)
    elif param('reject') == '1':
        # Same silent no-op as 'approve' when nothing is in flight.
        if pkginfo.proposal.proposal_in_flight:
            self._RejectProposal(pkginfo, filename)
    else:
        self.error(400)
        self.Render(
            'error.html',
            {'message': 'No action specified or unknown action.'})
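def post(self, filename=None):
    """Handle an admin POST that creates, edits, deletes or unlocks a package.

    Checks run in a fixed order before any parameter is acted on: the caller
    must be an admin (403 otherwise), then the submitted ``xsrf_token`` must
    validate (400 otherwise).

    The 404 body echoes the requested filename; it is HTML-escaped first so
    that request-derived text is never written to the response as markup.

    Args:
      filename: URL-quoted package filename, or None/empty when the request
          is not about one existing package. It is passed through
          urllib.unquote before being used as the PackageInfo key name.
    """
    # Function-scope import: the file's import block is not visible from this
    # handler. cgi.escape is the Python 2 standard-library HTML escaper.
    import cgi

    if not self.IsAdminUser():
        self.error(403)
        self.response.out.write('Access Denied for current user')
        return

    # The XSRF action depends only on whether a filename was supplied, so a
    # token is scoped to 'package' or 'packages', not to one specific file.
    xsrf_token = self.request.get('xsrf_token', None)
    report_type = 'package' if filename else 'packages'
    if not xsrf.XsrfTokenValidate(xsrf_token, report_type):
        self.error(400)
        self.response.out.write(
            'Invalid XSRF token. Please refresh and retry.')
        return

    if filename:
        filename = urllib.unquote(filename)

        # If we're updating from new plist xml, perform the update and return.
        if self.request.get('new_pkginfo_plist'):
            self.UpdatePackageInfoFromPlist()
            return

        # All non-plist updates require an existing PackageInfo entity.
        p = models.PackageInfo.get_by_key_name(filename)
        if not p:
            self.error(404)
            # No Content-Type is set here, so the body may be rendered as
            # HTML; escape the request-derived filename before echoing it.
            self.response.out.write(
                'Filename not found: %s' % cgi.escape(filename, quote=True))
            return

        if self.request.get('delete') == '1':
            if settings.EMAIL_ON_EVERY_CHANGE:
                self.NotifyAdminsOfPackageDeletion(p)
            p.delete()
            # NOTE(review): filename goes into the redirect URL without
            # URL-encoding; a name containing '&', '#' or '?' changes how the
            # target parses the query. Consider urllib.quote once the
            # str/unicode type of filename is confirmed.
            self.redirect(
                '/admin/packages?msg=%s successfully deleted' % filename)
            return
        elif self.request.get('submit', None) == 'save':
            self.UpdatePackageInfo(p)
        elif self.request.get('unlock') == '1':
            if settings.EMAIL_ON_EVERY_CHANGE:
                self.NotifyAdminsOfPackageUnlock(p)
            p.MakeSafeToModify()
            # NOTE(review): same unencoded-filename concern as the delete
            # redirect, here in both the path segment and the query value.
            self.redirect(
                '/admin/package/%s?msg=%s is safe to modify'
                % (filename, filename))
        else:
            self.error(400)
            self.response.out.write(
                'No action specified or unknown action.')
    elif self.request.get('new_pkginfo_plist'):
        # No filename was specified, so we're creating a new PackageInfo.
        self.UpdatePackageInfoFromPlist(create_new=True)
    else:
        self.error(404)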
def WrappedFunction(self, *args, **kwargs):
    """Run the wrapped handler only when the request carries a valid XSRF token.

    The token is read from the ``xsrf_token`` request parameter and validated
    against ``action``. On failure the response is set to 400 Bad Request, the
    error page is rendered, and the wrapped handler is never called.

    ``action`` and ``original_function`` are not defined in this function;
    presumably they are closed over from an enclosing decorator -- confirm.

    Returns:
      Whatever the wrapped handler returns, or None when the token is rejected.
    """
    submitted_token = self.request.get('xsrf_token')
    if xsrf.XsrfTokenValidate(submitted_token, action):
        return original_function(self, *args, **kwargs)

    # Rejected token: report the failure and stop before the handler runs.
    self.error(httplib.BAD_REQUEST)
    error_context = {
        'message': 'Invalid XSRF token. Please refresh and retry.'
    }
    self.Render('error.html', error_context)
    return None
def post(self):
    """Apply a configuration change submitted by an admin.

    Checks run in a fixed order before any parameter is acted on: the caller
    must be an admin (403 with no body otherwise), then the submitted
    ``xsrf_token`` must validate for the 'config' action (400 with a JSON
    error body otherwise).

    An ``action`` parameter of 'pem_upload' dispatches to _PemUpload; any
    other value, including a missing one, dispatches to _UpdateSettingValue.
    """
    if not self.IsAdminUser():
        self.error(403)
        return

    submitted_token = self.request.get('xsrf_token', None)
    if not xsrf.XsrfTokenValidate(submitted_token, 'config'):
        failure = {'error': 'Invalid XSRF token. Refresh page and try again.'}
        self.error(400)
        # The body is JSON, but no Content-Type is set in this method.
        self.response.out.write(json.dumps(failure))
        return

    requested_action = self.request.get('action', None)
    if requested_action == 'pem_upload':
        handler = self._PemUpload
    else:
        handler = self._UpdateSettingValue
    handler()