def _handle_dropping_privs(self, environ, req_uri):
"""
Determin if this request is to be considered "in space" or
not. If it is not and the current user is not GUEST we need
to pretend that the current user is GUEST, effectively
"dropping" privileges.
"""
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name is None:
return
space = Space(space_name)
container_name = req_uri.split('/')[2]
if (req_uri.startswith('/bags/')
and self._valid_bag(environ, space, container_name)):
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
"""
Determin if this request is to be considered "in space" or
not. If it is not and the current user is not GUEST we need
to pretend that the current user is GUEST, effectively
"dropping" privileges.
"""
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name is None:
return
space = Space(space_name)
container_name = req_uri.split('/')[2]
if (req_uri.startswith('/bags/')
and self._valid_bag(environ, space, container_name)):
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(
bag) or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
def test_list_recipes():
space = Space('cat')
assert sorted(space.list_recipes()) == ['cat_private', 'cat_public']
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag
for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found due to ControlView'
% entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView'
% entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404(
'recipe %s not found due to ControlView' %
entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView' %
entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def test_list_recipes():
space = Space('cat')
assert sorted(space.list_recipes()) == ['cat_private', 'cat_public']
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
