def run_alias(mode, alias):
if MULTIPLE_DATABASES_TYPE == "smcom":
dbo = smcom.get_database_info(alias)
elif MULTIPLE_DATABASES_TYPE == "map" and alias != "%":
dbo = db.get_multiple_database_info(alias)
dbo.alias = alias
if dbo.database == "FAIL":
print "Invalid database alias '%s'" % (alias)
return
else:
dbo.connection = db.connection(dbo)
run(dbo, mode)
def run_alias(mode, alias):
if MULTIPLE_DATABASES_TYPE == "smcom":
dbo = smcom.get_database_info(alias)
elif MULTIPLE_DATABASES_TYPE == "map" and alias != "%":
dbo = db.get_multiple_database_info(alias)
dbo.alias = alias
if dbo.database == "FAIL":
print "Invalid database alias '%s'" % (alias)
return
else:
dbo.connection = db.connection(dbo)
run(dbo, mode)
def get_database(alias=""):
""" Gets the current database connection. Requires an alias/db for multiple/smcom """
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
dbo = smcom.get_database_info(alias)
else:
# Look up the database info from our map
dbo = _get_multiple_database_info(alias)
else:
dbo = get_dbo()
return dbo
def web_login(post, session, remoteip, path):
"""
Performs a login and sets up the user's session.
Returns the username on successful login, or:
FAIL - problem with user/pass/account/ip
DISABLED - The database is disabled
"""
dbo = db.DatabaseInfo()
database = post["database"]
username = post["username"]
password = post["password"]
nologconnection = post["nologconnection"]
# Do we have multiple databases?
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
# If a database hasn't been supplied, let's bail out now
# since we can't do anything
if str(database).strip() == "":
return "FAIL"
else:
dbo = smcom.get_database_info(database)
# Bail out if there was a problem with the database
if dbo.database == "FAIL" or dbo.database == "DISABLED":
return dbo.database
else:
# Look up the database info from our map
dbo = db.get_multiple_database_info(database)
if dbo.database == "FAIL":
return dbo.database
# Connect to the database and authenticate the username and password
user = authenticate(dbo, username, password)
if user is not None and not authenticate_ip(user, remoteip):
al.error(
"user %s with ip %s failed ip restriction check '%s'" %
(username, remoteip, user["IPRESTRICTION"]), "users.web_login",
dbo)
return "FAIL"
if user is not None:
al.info("%s successfully authenticated from %s" % (username, remoteip),
"users.web_login", dbo)
try:
dbo.locked = configuration.smdb_locked(dbo)
dbo.timezone = configuration.timezone(dbo)
dbo.installpath = path
session.locale = configuration.locale(dbo)
dbo.locale = session.locale
session.dbo = dbo
session.user = user["USERNAME"]
session.superuser = user["SUPERUSER"]
session.passchange = (password == "password")
update_session(session)
except:
al.error("failed setting up session: %s" % str(sys.exc_info()[0]),
"users.web_login", dbo, sys.exc_info())
return "FAIL"
try:
session.securitymap = get_security_map(dbo, user["USERNAME"])
except:
# This is a pre-3002 login where the securitymap is with
# the user (the error occurs because there's no role table)
al.debug("role table does not exist, using securitymap from user",
"users.web_login", dbo)
session.securitymap = user["SECURITYMAP"]
try:
ur = get_users(dbo, user["USERNAME"])[0]
session.roles = ur["ROLES"]
session.roleids = ur["ROLEIDS"]
session.locationfilter = utils.nulltostr(user["LOCATIONFILTER"])
except:
# Users coming from v2 won't have the
# IPRestriction or EmailAddress fields necessary for get_users - we can't
# help them right now so just give them an empty set of
# roles and locationfilter until they login again after the db update
session.roles = ""
session.roleids = ""
session.locationfilter = ""
try:
# If it's a sheltermanager.com database, try and update the
# last time the user connected to today
if smcom.active() and database != "" and nologconnection == "":
smcom.set_last_connected(dbo)
except:
pass
try:
# Check to see if any updates need performing on this database
if dbupdate.check_for_updates(dbo):
dbupdate.perform_updates(dbo)
# We did some updates, better reload just in case config/reports/etc changed
update_session(session)
# Check to see if our views and sequences are out of date and need reloading
if dbupdate.check_for_view_seq_changes(dbo):
dbupdate.install_db_views(dbo)
dbupdate.install_db_sequences(dbo)
except:
al.error("failed updating database: %s" % str(sys.exc_info()[0]),
"users.web_login", dbo, sys.exc_info())
try:
# Log out any old users that have been hanging around
auto_logout(dbo)
# Let this user through
login(dbo, user["USERNAME"])
except:
al.error(
"failed updating activeuser table: %s" %
str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info())
return "FAIL"
else:
al.error(
"database:%s username:%s password:%s failed authentication from %s"
% (database, username, password, remoteip), "users.web_login", dbo)
return "FAIL"
return user["USERNAME"]
def handler(data, remoteip, referer):
"""
Handles the various service method types.
data: The GET/POST parameters
return value is a tuple containing MIME type, max-age, content
"""
# Database info
dbo = db.DatabaseInfo()
# Get service parameters
account = utils.df_ks(data, "account")
username = utils.df_ks(data, "username")
password = utils.df_ks(data, "password")
method = utils.df_ks(data, "method")
animalid = utils.df_ki(data, "animalid")
formid = utils.df_ki(data, "formid")
title = utils.df_ks(data, "title")
cache_key = "a" + account + "u" + username + "p" + password + "m" + method + "a" + str(
animalid) + "f" + str(formid) + "t" + title
# cache keys aren't allowed spaces
cache_key = cache_key.replace(" ", "")
# Do we have a cached response for these parameters?
cached_response = get_cached_response(cache_key)
if cached_response is not None:
al.debug(
"cache hit for %s/%s/%s/%s" % (account, method, animalid, title),
"service.handler")
return cached_response
# Are we dealing with multiple databases, but no account was specified?
if account == "" and MULTIPLE_DATABASES:
return ("text/plan", 0, "ERROR: No database/alias specified")
# Are we dealing with multiple databases and an account was specified?
if account != "":
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
dbo = smcom.get_database_info(account)
else:
# Look up the database info from our map
dbo = db.get_multiple_database_info(account)
if dbo.database == "FAIL" or dbo.database == "DISABLED":
al.error(
"auth failed - invalid smaccount %s from %s" %
(account, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid database")
# Does the method require us to authenticate? If so, do it.
user = None
if method in AUTH_METHODS:
user = users.authenticate(dbo, username, password)
if user is None:
al.error(
"auth failed - %s/%s is not a valid username/password from %s"
% (username, password, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid username and password")
# Get the preferred locale for the site
dbo.locale = configuration.locale(dbo)
al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title),
"service.handler", dbo)
if method == "animal_image":
# If we have a hotlinking restriction, enforce it
if referer != "" and IMAGE_HOTLINKING_ONLY_FROM_DOMAIN != "" and referer.find(
IMAGE_HOTLINKING_ONLY_FROM_DOMAIN) == -1:
raise utils.ASMPermissionError("Image hotlinking is forbidden.")
if animalid == "" or utils.cint(animalid) == 0:
al.error(
"animal_image failed, %s is not an animalid" % str(animalid),
"service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid animalid")
# If the option is on, forbid hotlinking
else:
seq = utils.df_ki(data, "seq")
if seq == 0: seq = 1
mm = media.get_media_by_seq(dbo, media.ANIMAL,
utils.cint(animalid), seq)
if len(mm) == 0:
return ("image/jpeg", 86400,
dbfs.get_string(dbo, "nopic.jpg", "/reports"))
else:
return ("image/jpeg", 86400,
dbfs.get_string(dbo, mm[0]["MEDIANAME"]))
elif method == "extra_image":
return ("image/jpeg", 86400, dbfs.get_string(dbo, title, "/reports"))
elif method == "json_adoptable_animals":
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/json", 3600,
html.json(rs))
elif method == "xml_adoptable_animals":
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/xml", 3600,
html.xml(rs))
elif method == "json_recent_adoptions":
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/json", 3600,
html.json(rs))
elif method == "xml_recent_adoptions":
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/xml", 3600,
html.xml(rs))
elif method == "html_report":
crid = reports.get_id(dbo, title)
p = reports.get_criteria_params(dbo, crid, data)
rhtml = reports.execute(dbo, crid, username, p)
return set_cached_response(cache_key, "text/html", 3600, rhtml)
elif method == "jsonp_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(
cache_key, "application/javascript", 3600,
str(utils.df_ks(data, "callback")) + "(" + html.json(sa) + ")")
elif method == "json_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/json", 3600,
html.json(sa))
elif method == "xml_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/xml", 3600,
html.json(sa))
elif method == "upload_animal_image":
media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid),
data)
return ("text/plain", 0, "OK")
elif method == "online_form_html":
if formid == 0:
raise utils.ASMError(
"method online_form_html requires a valid formid")
return set_cached_response(cache_key, "text/html", 120,
onlineform.get_onlineform_html(dbo, formid))
elif method == "online_form_post":
onlineform.insert_onlineformincoming_from_form(dbo, data, remoteip)
redirect = utils.df_ks(data, "redirect")
if redirect == "":
redirect = BASE_URL + "/static/pages/form_submitted.html"
return ("redirect", 0, redirect)
else:
al.error("invalid method '%s'" % method, "service.handler", dbo)
raise utils.ASMError("Invalid method '%s'" % method)
def web_login(post, session, remoteip, path):
"""
Performs a login and sets up the user's session.
Returns the username on successful login, or:
FAIL - problem with user/pass/account/ip
DISABLED - The database is disabled
WRONGSERVER - The database is not on this server
"""
dbo = db.DatabaseInfo()
database = post["database"]
username = post["username"]
password = post["password"]
mobileapp = post["mobile"] == "true"
nologconnection = post["nologconnection"]
if len(username) > 100:
username = username[0:100]
# Do we have multiple databases?
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
# If a database hasn't been supplied, let's bail out now
# since we can't do anything
if str(database).strip() == "":
return "FAIL"
else:
dbo = smcom.get_database_info(database)
# Bail out if there was a problem with the database
if dbo.database in ("FAIL", "DISABLED", "WRONGSERVER"):
return dbo.database
else:
# Look up the database info from our map
dbo = db.get_multiple_database_info(database)
if dbo.database == "FAIL":
return dbo.database
# Connect to the database and authenticate the username and password
user = authenticate(dbo, username, password)
if user is not None and not authenticate_ip(user, remoteip):
al.error("user %s with ip %s failed ip restriction check '%s'" % (username, remoteip, user["IPRESTRICTION"]), "users.web_login", dbo)
return "FAIL"
if user is not None:
al.info("%s successfully authenticated from %s" % (username, remoteip), "users.web_login", dbo)
try:
dbo.locked = configuration.smdb_locked(dbo)
dbo.timezone = configuration.timezone(dbo)
dbo.installpath = path
session.locale = configuration.locale(dbo)
dbo.locale = session.locale
session.dbo = dbo
session.user = user["USERNAME"]
session.superuser = user["SUPERUSER"]
session.passchange = (password == "password")
session.mobileapp = mobileapp
update_session(session)
except:
al.error("failed setting up session: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info())
return "FAIL"
try:
session.securitymap = get_security_map(dbo, user["USERNAME"])
except:
# This is a pre-3002 login where the securitymap is with
# the user (the error occurs because there's no role table)
al.debug("role table does not exist, using securitymap from user", "users.web_login", dbo)
session.securitymap = user["SECURITYMAP"]
try:
ur = get_users(dbo, user["USERNAME"])[0]
session.roles = ur["ROLES"]
session.roleids = ur["ROLEIDS"]
session.siteid = utils.cint(user["SITEID"])
session.locationfilter = utils.nulltostr(user["LOCATIONFILTER"])
except:
# Users coming from v2 won't have the
# IPRestriction or EmailAddress fields necessary for get_users - we can't
# help them right now so just give them an empty set of
# roles and locationfilter until they login again after the db update
session.roles = ""
session.roleids = ""
session.locationfilter = ""
session.siteid = 0
try:
# If it's a sheltermanager.com database, try and update the
# last time the user connected to today
if smcom.active() and database != "" and nologconnection == "":
smcom.set_last_connected(dbo)
except:
pass
try:
# Mark the user logged in
audit.login(dbo, username)
# Check to see if any updates need performing on this database
if dbupdate.check_for_updates(dbo):
dbupdate.perform_updates(dbo)
# We did some updates, better reload just in case config/reports/etc changed
update_session(session)
# Check to see if our views and sequences are out of date and need reloading
if dbupdate.check_for_view_seq_changes(dbo):
dbupdate.install_db_views(dbo)
dbupdate.install_db_sequences(dbo)
except:
al.error("failed updating database: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info())
try:
al.info("%s logged in" % user["USERNAME"], "users.login", dbo)
update_user_activity(dbo, user["USERNAME"])
except:
al.error("failed updating user activity: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info())
return "FAIL"
else:
al.error("database:%s username:%s password:%s failed authentication from %s" % (database, username, password, remoteip), "users.web_login", dbo)
return "FAIL"
return user["USERNAME"]
def handler(data, remoteip, referer):
"""
Handles the various service method types.
data: The GET/POST parameters
return value is a tuple containing MIME type, max-age, content
"""
# Database info
dbo = db.DatabaseInfo()
# Get service parameters
account = utils.df_ks(data, "account")
username = utils.df_ks(data, "username")
password = utils.df_ks(data, "password")
method = utils.df_ks(data, "method")
animalid = utils.df_ki(data, "animalid")
formid = utils.df_ki(data, "formid")
title = utils.df_ks(data, "title")
cache_key = "a" + account + "u" + username + "p" + password + "m" + method + "a" + str(animalid) + "f" + str(formid) + "t" + title
# cache keys aren't allowed spaces
cache_key = cache_key.replace(" ", "")
# Do we have a cached response for these parameters?
cached_response = get_cached_response(cache_key)
if cached_response is not None:
al.debug("cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler")
return cached_response
# Are we dealing with multiple databases, but no account was specified?
if account == "" and MULTIPLE_DATABASES:
return ("text/plan", 0, "ERROR: No database/alias specified")
# Are we dealing with multiple databases and an account was specified?
if account != "":
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
dbo = smcom.get_database_info(account)
else:
# Look up the database info from our map
dbo = db.get_multiple_database_info(account)
if dbo.database == "FAIL" or dbo.database == "DISABLED":
al.error("auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid database")
# Does the method require us to authenticate? If so, do it.
user = None
if method in AUTH_METHODS:
user = users.authenticate(dbo, username, password)
if user is None:
al.error("auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid username and password")
# Get the preferred locale for the site
dbo.locale = configuration.locale(dbo)
al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo)
if method =="animal_image":
# If we have a hotlinking restriction, enforce it
if referer != "" and IMAGE_HOTLINKING_ONLY_FROM_DOMAIN != "" and referer.find(IMAGE_HOTLINKING_ONLY_FROM_DOMAIN) == -1:
raise utils.ASMPermissionError("Image hotlinking is forbidden.")
if animalid == "" or utils.cint(animalid) == 0:
al.error("animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid animalid")
# If the option is on, forbid hotlinking
else:
seq = utils.df_ki(data, "seq")
if seq == 0: seq = 1
mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq)
if len(mm) == 0:
return ("image/jpeg", 86400, dbfs.get_string(dbo, "nopic.jpg", "/reports"))
else:
return ("image/jpeg", 86400, dbfs.get_string(dbo, mm[0]["MEDIANAME"]))
elif method =="extra_image":
return ("image/jpeg", 86400, dbfs.get_string(dbo, title, "/reports"))
elif method == "json_adoptable_animals":
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/json", 3600, html.json(rs))
elif method == "xml_adoptable_animals":
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs))
elif method == "json_recent_adoptions":
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/json", 3600, html.json(rs))
elif method == "xml_recent_adoptions":
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs))
elif method == "html_report":
crid = reports.get_id(dbo, title)
p = reports.get_criteria_params(dbo, crid, data)
rhtml = reports.execute(dbo, crid, username, p)
return set_cached_response(cache_key, "text/html", 3600, rhtml)
elif method == "jsonp_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/javascript", 3600, str(utils.df_ks(data, "callback")) + "(" + html.json(sa) + ")")
elif method == "json_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/json", 3600, html.json(sa))
elif method == "xml_shelter_animals":
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/xml", 3600, html.json(sa))
elif method == "upload_animal_image":
media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), data)
return ("text/plain", 0, "OK")
elif method == "online_form_html":
if formid == 0:
raise utils.ASMError("method online_form_html requires a valid formid")
return set_cached_response(cache_key, "text/html", 120, onlineform.get_onlineform_html(dbo, formid))
elif method == "online_form_post":
onlineform.insert_onlineformincoming_from_form(dbo, data, remoteip)
redirect = utils.df_ks(data, "redirect")
if redirect == "":
redirect = BASE_URL + "/static/pages/form_submitted.html"
return ("redirect", 0, redirect)
else:
al.error("invalid method '%s'" % method, "service.handler", dbo)
raise utils.ASMError("Invalid method '%s'" % method)
def handler(post, remoteip, referer):
"""
Handles the various service method types.
data: The GET/POST parameters
return value is a tuple containing MIME type, max-age, content
"""
# Database info
dbo = db.DatabaseInfo()
# Get service parameters
account = post["account"]
username = post["username"]
password = post["password"]
method = post["method"]
animalid = post.integer("animalid")
formid = post.integer("formid")
seq = post.integer("seq")
title = post["title"]
cache_key = "a" + account + "u" + username + "p" + password + "m" + method + \
"i" + str(animalid) + "s" + str(seq) + "f" + str(formid) + "t" + title
# cache keys aren't allowed spaces
cache_key = cache_key.replace(" ", "")
# Do we have a cached response for these parameters?
cached_response = get_cached_response(cache_key)
if cached_response is not None:
al.debug("cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler")
return cached_response
# Are we dealing with multiple databases, but no account was specified?
if account == "" and MULTIPLE_DATABASES:
return ("text/plan", 0, "ERROR: No database/alias specified")
# Are we dealing with multiple databases and an account was specified?
if account != "":
if MULTIPLE_DATABASES:
if MULTIPLE_DATABASES_TYPE == "smcom":
# Is this sheltermanager.com? If so, we need to get the
# database connection info (dbo) before we can login.
dbo = smcom.get_database_info(account)
else:
# Look up the database info from our map
dbo = db.get_multiple_database_info(account)
if dbo.database == "FAIL" or dbo.database == "DISABLED":
al.error("auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid database")
# If the database has disabled the service API, stop now
if not configuration.service_enabled(dbo):
al.error("Service API is disabled (%s)" % method, "service.handler", dbo)
return ("text/plain", 0, "ERROR: Service API is disabled")
# Do any database updates need doing in this db?
if dbupdate.check_for_updates(dbo):
dbupdate.perform_updates(dbo)
# Does the method require us to authenticate? If so, do it.
user = None
securitymap = ""
if method in AUTH_METHODS:
# If the database has authenticated service methods disabled, stop now
if not configuration.service_auth_enabled(dbo):
al.error("Service API for auth methods is disabled (%s)" % method, "service.handler", dbo)
return ("text/plain", 0, "ERROR: Service API for authenticated methods is disabled")
user = users.authenticate(dbo, username, password)
if user is None:
al.error("auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid username and password")
securitymap = users.get_security_map(dbo, user["USERNAME"])
# Get the preferred locale and timezone for the site
l = configuration.locale(dbo)
dbo.locale = l
dbo.timezone = configuration.timezone(dbo)
al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo)
if method =="animal_image":
hotlink_protect("animal_image", referer)
if animalid == "" or utils.cint(animalid) == 0:
al.error("animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid animalid")
else:
if seq == 0: seq = 1
mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq)
if len(mm) == 0:
return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, "nopic.jpg", "/reports"))
else:
return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, mm[0]["MEDIANAME"]))
elif method == "animal_view":
if animalid == "" or utils.cint(animalid) == 0:
al.error("animal_view failed, %s is not an animalid" % str(animalid), "service.handler", dbo)
return ("text/plain", 0, "ERROR: Invalid animalid")
else:
return set_cached_response(cache_key, "text/html", 120, 120, publish.get_animal_view(dbo, int(animalid)))
elif method =="dbfs_image":
hotlink_protect("dbfs_image", referer)
return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string_filepath(dbo, title))
elif method =="extra_image":
hotlink_protect("extra_image", referer)
return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, title, "/reports"))
elif method == "json_adoptable_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(rs))
elif method == "jsonp_adoptable_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(rs)))
elif method == "xml_adoptable_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
pc = publish.PublishCriteria(configuration.publisher_presets(dbo))
rs = publish.get_animal_data(dbo, pc, True)
return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs))
elif method == "json_recent_adoptions":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(rs))
elif method == "jsonp_recent_adoptions":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
rs = movement.get_recent_adoptions(dbo)
return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(rs)))
elif method == "xml_recent_adoptions":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
rs = movement.get_recent_adoptions(dbo)
return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs))
elif method == "html_report":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT)
crid = reports.get_id(dbo, title)
p = reports.get_criteria_params(dbo, crid, post)
rhtml = reports.execute(dbo, crid, username, p)
return set_cached_response(cache_key, "text/html", 3600, 3600, rhtml)
elif method == "csv_mail" or method == "csv_report":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT)
crid = reports.get_id(dbo, title)
p = reports.get_criteria_params(dbo, crid, post)
rows, cols = reports.execute_query(dbo, crid, username, p)
mcsv = utils.csv(l, rows, cols, True)
return set_cached_response(cache_key, "text/csv", 3600, 3600, mcsv)
elif method == "jsonp_shelter_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(sa)))
elif method == "json_shelter_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(sa))
elif method == "xml_shelter_animals":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
sa = animal.get_animal_find_simple(dbo, "", "shelter")
return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa))
elif method == "rss_timeline":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL)
return set_cached_response(cache_key, "application/rss+xml", 3600, 3600, html.timeline_rss(dbo))
elif method == "upload_animal_image":
users.check_permission_map(l, user["SUPERUSER"], securitymap, users.ADD_MEDIA)
media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), post)
return ("text/plain", 0, "OK")
elif method == "online_form_html":
if formid == 0:
raise utils.ASMError("method online_form_html requires a valid formid")
return set_cached_response(cache_key, "text/html; charset=utf-8", 120, 120, onlineform.get_onlineform_html(dbo, formid))
elif method == "online_form_json":
if formid == 0:
raise utils.ASMError("method online_form_json requires a valid formid")
return set_cached_response(cache_key, "text/json; charset=utf-8", 30, 30, onlineform.get_onlineform_json(dbo, formid))
elif method == "online_form_post":
flood_protect("online_form_post", remoteip, 15)
onlineform.insert_onlineformincoming_from_form(dbo, post, remoteip)
redirect = post["redirect"]
if redirect == "":
redirect = BASE_URL + "/static/pages/form_submitted.html"
return ("redirect", 0, redirect)
elif method == "sign_document":
if formid == 0:
raise utils.ASMError("method sign_document requires a valid formid")
if post["sig"] == "":
return set_cached_response(cache_key, "text/html", 2, 2, sign_document_page(dbo, formid))
else:
media.sign_document(dbo, "service", formid, post["sig"], post["signdate"])
return ("text/plain", 0, "OK")
else:
al.error("invalid method '%s'" % method, "service.handler", dbo)
raise utils.ASMError("Invalid method '%s'" % method)