def _handle_dropping_privs(self, environ, req_uri):
"""
Determin if this request is to be considered "in space" or
not. If it is not and the current user is not GUEST we need
to pretend that the current user is GUEST, effectively
"dropping" privileges.
"""
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name is None:
return
space = Space(space_name)
container_name = req_uri.split('/')[2]
if (req_uri.startswith('/bags/')
and self._valid_bag(environ, space, container_name)):
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _make_space(environ, space_name):
"""
The details of creating the bags and recipes that make up a space.
"""
store = environ['tiddlyweb.store']
member = environ['tiddlyweb.usersign']['name']
# XXX stub out the clumsy way for now
# can make this much more declarative
space = Space(space_name)
for bag_name in space.list_bags():
bag = Bag(bag_name)
bag.policy = _make_policy(member)
if Space.bag_is_public(bag_name):
bag.policy.read = []
store.put(bag)
public_recipe = Recipe(space.public_recipe())
public_recipe.set_recipe(space.public_recipe_list())
private_recipe = Recipe(space.private_recipe())
private_recipe.set_recipe(space.private_recipe_list())
private_recipe.policy = _make_policy(member)
public_recipe.policy = _make_policy(member)
public_recipe.policy.read = []
store.put(public_recipe)
store.put(private_recipe)
def update_space_settings(environ, name):
"""
Read a tiddler named by SPACE_SERVER_SETTINGS in the current
space's public bag. Parse each line as a key:value pair which
is then injected tiddlyweb.query. The goal here is to allow
a space member to force incoming requests to use specific
settings, such as alpha or externalized.
"""
store = environ['tiddlyweb.store']
space = Space(name)
bag_name = space.public_bag()
tiddler = Tiddler(SPACE_SERVER_SETTINGS, bag_name)
data_text = ''
try:
tiddler = store.get(tiddler)
data_text = tiddler.text
except StoreError:
pass
for line in data_text.split('\n'):
try:
key, value = line.split(':', 1)
key = key.rstrip().lstrip()
value = value.rstrip().lstrip()
try:
environ['tiddlyweb.query'][key].append(value)
except KeyError:
environ['tiddlyweb.query'][key] = [value]
except ValueError:
pass
def _validate_space_name(environ, name):
"""
Determine if space name can be used.
We've already checked if the space exists.
"""
store = environ['tiddlyweb.store']
try:
space = Space(name)
except ValueError, exc:
raise HTTP409(exc)
def change_space_member(store,
space_name,
add=None,
remove=None,
current_user=None):
"""
The guts of adding a member to space.
"""
try:
space = Space(space_name)
except ValueError, exc:
raise HTTP404('Space %s invalid: %s' % (space_name, exc))
def _validate_subscription(environ, name, recipe):
"""
Determine if this space can be subscribed to.
We know that the space exists, what we want to determine here is if
it has been blacklisted or already been subscribed.
"""
space = Space(name)
if name in environ['tiddlyweb.config'].get('blacklisted_spaces', []):
raise HTTP409('Subscription not allowed to space: %s' % name)
elif [space.public_bag(), ''] in recipe:
raise HTTP409('Space already subscribed: %s' % name)
return space
def determine_space_recipe(environ, space_name):
"""
Given a space name, check if the current user is a member of that
named space. If so, use the private recipe.
"""
store = environ['tiddlyweb.store']
usersign = environ['tiddlyweb.usersign']
try:
space = Space(space_name)
recipe = Recipe(space.public_recipe())
recipe = store.get(recipe)
except (ValueError, StoreError), exc:
raise HTTP404('Space for %s does not exist: %s' % (space_name, exc))
def update_space_settings(environ, name):
"""
Read a tiddler named by SPACE_SERVER_SETTINGS in the current
space's public bag. Parse each line as a key:value pair which
is then injected tiddlyweb.query. The goal here is to allow
a space member to force incoming requests to use specific
settings, such as alpha or externalized.
"""
store = environ['tiddlyweb.store']
space = Space(name)
bag_name = space.public_bag()
tiddler = Tiddler(SPACE_SERVER_SETTINGS, bag_name)
data_text = ''
try:
tiddler = store.get(tiddler)
data_text = tiddler.text
except StoreError:
return _figure_default_index(environ, bag_name, space), False
query_strings = []
index = ''
lazy = False
for line in data_text.split('\n'):
try:
key, value = line.split(':', 1)
key = key.rstrip().lstrip()
value = value.rstrip().lstrip()
if key == 'index':
index = value
elif key == 'lazy':
if value.lower() == 'true':
lazy = True
else:
query_strings.append('%s=%s' % (key, value))
except ValueError:
pass
index = _figure_default_index(environ, bag_name, space, index)
query_string = ';'.join(query_strings)
filters, leftovers = parse_for_filters(query_string, environ)
environ['tiddlyweb.filters'].extend(filters)
query_data = parse_qs(leftovers, keep_blank_values=True)
environ['tiddlyweb.query'].update(
dict([(key, [value for value in values])
for key, values in query_data.items()]))
return index, lazy
def subscribe_space(environ, start_response):
"""
Subscribe and/or unsubscribe the spaces named in the JSON
content of the request to the space named in the URI. The current
user must be a member of the space. Raise 409 if the
JSON is no good. Raise 404 if the space does not exist.
Raise 409 if a space in the JSON does not exist.
"""
store = environ['tiddlyweb.store']
space_name = environ['wsgiorg.routing_args'][1]['space_name']
current_user = environ['tiddlyweb.usersign']
try:
current_space = Space(space_name)
except ValueError, exc:
raise HTTP409('Invalid space name: %s' % exc)
def confirm_space(environ, start_response):
"""
Confirm a spaces exists. If it does, raise 204. If
not, raise 404.
"""
store = environ['tiddlyweb.store']
space_name = environ['wsgiorg.routing_args'][1]['space_name']
try:
space = Space(space_name)
store.get(Recipe(space.public_recipe()))
store.get(Recipe(space.private_recipe()))
except NoRecipeError:
raise HTTP404('%s does not exist' % space_name)
start_response('204 No Content', [])
return ['']
def confirm_space(environ, start_response):
"""
Confirm a spaces exists. If it does, raise 204. If
not, raise 404.
"""
store = environ['tiddlyweb.store']
space_name = get_route_value(environ, 'space_name')
try:
space = Space(space_name)
store.get(Recipe(space.public_recipe()))
store.get(Recipe(space.private_recipe()))
except (NoRecipeError, ValueError):
raise HTTP404('%s does not exist' % space_name)
start_response('204 No Content', [])
return ['']
def _do_unsubscriptions(space_name, unsubscriptions, public_recipe_list,
private_recipe_list, store):
"""
Remove unsubscriptions from the space represented by
public_recipe_list and private_recipe_list.
"""
for space in unsubscriptions:
if space == space_name:
raise HTTP409('Attempt to unsubscribe self')
try:
unsubscribed_space = Space(space)
bag = unsubscribed_space.public_bag()
public_recipe_list.remove([bag, ""])
private_recipe_list.remove([bag, ""])
except ValueError, exc:
raise HTTP409('Invalid content for unsubscription: %s' % exc)
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(
bag) or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def update_space_settings(environ, name):
"""
Read a tiddler named by SPACE_SERVER_SETTINGS in the current
space's public bag. Parse each line as a key:value pair which
is then injected tiddlyweb.query. The goal here is to allow
a space member to force incoming requests to use specific
settings, such as beta or externalized.
"""
store = environ['tiddlyweb.store']
# double assign to avoid later updates to the defaults
environ['tiddlyweb.space_settings'] = {}
environ['tiddlyweb.space_settings'].update(DEFAULT_SERVER_SETTINGS)
try:
space = Space(name)
except ValueError:
return
bag_name = space.public_bag()
tiddler = Tiddler(SPACE_SERVER_SETTINGS, bag_name)
data_text = ''
try:
tiddler = store.get(tiddler)
data_text = tiddler.text
except StoreError:
data_text = ''
query_strings = []
for line in data_text.split('\n'):
try:
key, value = line.split(':', 1)
key = key.strip()
value = value.strip()
if key in SERVER_SETTINGS_KEYS:
environ['tiddlyweb.space_settings'][key] = value
else:
query_strings.append('%s=%s' % (key, value))
except ValueError:
pass
# XXX: Disable the default new user app switcher temporarily
# TODO: Turn this back on when the app switcher is more complete
#_figure_default_index(environ, bag_name, space)
environ['tiddlyweb.space_settings']['extra_query'] = ';'.join(
query_strings)
def list_space_members(environ, start_response):
"""
List the members of the named space. You must be a member
to list the members.
"""
store = environ['tiddlyweb.store']
space_name = environ['wsgiorg.routing_args'][1]['space_name']
current_user = environ['tiddlyweb.usersign']
try:
space = Space(space_name)
private_space_bag = store.get(Bag(space.private_bag()))
private_space_bag.policy.allows(current_user, 'manage')
members = [
member for member in private_space_bag.policy.manage
if not member.startswith('R:')
]
except (ValueError, NoBagError):
raise HTTP404('No space for %s' % space_name)
start_response('200 OK',
[('Cache-Control', 'no-cache'),
('Content-Type', 'application/json; charset=UTF-8')])
return simplejson.dumps(members)
def make_space(space_name, store, member):
"""
The details of creating the bags and recipes that make up a space.
"""
space = Space(space_name)
for bag_name in space.list_bags():
bag = Bag(bag_name)
bag.policy = _make_policy(member)
if Space.bag_is_public(bag_name):
bag.policy.read = []
store.put(bag)
public_recipe = Recipe(space.public_recipe())
public_recipe.set_recipe(space.public_recipe_list())
private_recipe = Recipe(space.private_recipe())
private_recipe.set_recipe(space.private_recipe_list())
private_recipe.policy = _make_policy(member)
public_recipe.policy = _make_policy(member)
public_recipe.policy.read = []
store.put(public_recipe)
store.put(private_recipe)
def make_space(space_name, store, member):
"""
The details of creating the bags and recipes that make up a space.
"""
space = Space(space_name)
for bag_name in space.list_bags():
bag = Bag(bag_name)
bag.policy = _make_policy(member)
if Space.bag_is_public(bag_name):
bag.policy.read = []
store.put(bag)
info_tiddler = Tiddler('SiteInfo', space.public_bag())
info_tiddler.text = 'Space %s' % space_name
info_tiddler.modifier = store.environ.get('tiddlyweb.usersign',
{}).get('name', 'GUEST')
store.put(info_tiddler)
# Duplicate GettingStarted into public bag.
getting_started_tiddler = Tiddler(GETTING_STARTED_TIDDLER['title'],
GETTING_STARTED_TIDDLER['bag'])
try:
getting_started_tiddler = store.get(getting_started_tiddler)
getting_started_tiddler.bag = space.public_bag()
store.put(getting_started_tiddler)
except StoreError:
pass
public_recipe = Recipe(space.public_recipe())
public_recipe.set_recipe(space.public_recipe_list())
private_recipe = Recipe(space.private_recipe())
private_recipe.set_recipe(space.private_recipe_list())
private_recipe.policy = _make_policy(member)
public_recipe.policy = _make_policy(member)
public_recipe.policy.read = []
store.put(public_recipe)
store.put(private_recipe)
store_structure['recipes']['frontpage_public'])
store_structure['recipes']['frontpage_private']['policy']['read'] = ['R:ADMIN']
store_structure['recipes']['frontpage_private']['recipe'].append(
('frontpage_private', ''))
frontpage_policy = store_structure['bags']['frontpage_public']['policy']
spaces = {
'system-theme': 'TiddlySpace default theme',
'system-info': 'TiddlySpace default information tiddlers',
'system-plugins': 'TiddlySpace system plugins',
'system-images': 'TiddlySpace default images and icons',
}
# setup system space public bags and recipes
for space_name, description in spaces.items():
space = Space(space_name)
public_bag_name = space.public_bag()
private_bag_name = space.private_bag()
public_recipe_name = space.public_recipe()
private_recipe_name = space.private_recipe()
store_structure['bags'][public_bag_name] = {
'desc': description,
'policy': frontpage_policy,
}
store_structure['bags'][private_bag_name] = deepcopy(
store_structure['bags'][public_bag_name])
store_structure['bags'][private_bag_name]['policy']['read'] = ['R:ADMIN']
store_structure['recipes'][public_recipe_name] = {
'desc': description,
class ControlView(object):
"""
WSGI Middleware which adapts an incoming request to restrict what
entities from the store are visible to the requestor. The effective
result is that only those bags and recipes contained in the current
space are visible in the HTTP routes.
Filtering can be disabled with a custom HTTP header X-ControlView set
to the string 'false'.
"""
def __init__(self, application):
self.application = application
def __call__(self, environ, start_response):
req_uri = environ.get('SCRIPT_NAME', '') + environ.get('PATH_INFO', '')
disable_control_view = (environ.get('HTTP_X_CONTROLVIEW',
'').lower() == 'false')
http_host, host_url = determine_host(environ)
if http_host != host_url:
space_name = determine_space(environ, http_host)
if (space_name is not None and not disable_control_view and
(req_uri.startswith('/bags') or req_uri.startswith('/search')
or req_uri.startswith('/recipes'))):
response = self._handle_core_request(environ, req_uri,
space_name,
start_response)
if response:
return response
return self.application(environ, start_response)
def _handle_core_request(self, environ, req_uri, space_name,
start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the visibility of entities.
"""
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
visible_bags = space.extra_bags()
for bag, _ in recipe.get_recipe(recipe_template(environ)):
visible_bags.append(bag)
visible_bags.extend(ADMIN_BAGS)
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
"""List recipes"""
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ,
start_response,
'list_recipes',
store_list=lister)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
def lister():
"""List bags"""
for bag in visible_bags:
yield Bag(bag)
return list_entities(environ,
start_response,
'list_bags',
store_list=lister)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
self._handle_search(environ, visible_bags)
else:
self._handle_descendant(req_uri, space, visible_bags)
def test_list_bags():
space = Space('cat')
assert sorted(
space.list_bags()) == ['cat_archive', 'cat_private', 'cat_public']
def test_list_recipes():
space = Space('cat')
assert sorted(space.list_recipes()) == ['cat_private', 'cat_public']
def test_private_bag():
space = Space('cat')
assert space.private_bag() == 'cat_private'
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
def test_public_recipe():
space = Space('cat')
assert space.public_recipe() == 'cat_public'
def test_public_bag():
space = Space('cat')
assert space.public_bag() == 'cat_public'
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404(
'recipe %s not found due to ControlView' %
entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView' %
entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def test_private_recipe():
space = Space('cat')
assert space.private_recipe() == 'cat_private'
