def setDiffField(self, pt_name, field, diff):
"""
Set the diff type for 'field' on the portal type 'pt_name' to 'diff'
"""
if pt_name not in self.portal_types.listContentTypes():
raise BadRequest('Error: invalid portal type')
elif not field:
raise BadRequest('Error: no field specified')
elif diff not in self.listDiffTypes():
raise BadRequest('Error: invalid diff type')
else:
self._pt_diffs.setdefault(pt_name, {})[field] = diff
self._p_changed = 1
def test_standard_error_message_is_called(self):
from zExceptions import BadRequest
from OFS.SimpleItem import SimpleItem
# handle_errors should default to True. It is a flag used for
# functional doctests. See ZPublisher/Test.py and
# ZPublisher/Publish.py.
class REQUEST(object):
class RESPONSE(object):
handle_errors = True
class StandardErrorMessage(object):
def __init__(self):
self.kw = {}
def __call__(self, **kw):
self.kw.clear()
self.kw.update(kw)
item = SimpleItem()
item.standard_error_message = sem = StandardErrorMessage()
try:
raise BadRequest("1")
except Exception:
item.raise_standardErrorMessage(client=item,
REQUEST=REQUEST())
self.assertEqual(sem.kw.get('error_type'), 'BadRequest')
def reply(self):
if not self.params:
raise BadRequest("Missing parameter typename")
# Disable CSRF protection
if "IDisableCSRFProtection" in dir(plone.protect.interfaces):
alsoProvides(self.request,
plone.protect.interfaces.IDisableCSRFProtection)
# Make sure we get the right dexterity-types adapter
if IPloneRestapiLayer.providedBy(self.request):
noLongerProvides(self.request, IPloneRestapiLayer)
data = json_body(self.request)
name = self.params.pop()
dtypes = queryMultiAdapter((self.context, self.request),
name="dexterity-types")
ctype = dtypes.publishTraverse(self.request, name)
self.update_layouts(name, data)
self.remove_fields(ctype, data)
self.remove_fieldsets(ctype, data)
self.add_fields(ctype, data)
self.add_fieldsets(ctype, data)
self.update_fields(ctype, data)
self.update_fieldsets(ctype, data)
serializeSchema(ctype.schema)
return self.reply_no_content()
def reply(self):
# Disable CSRF protection
if 'IDisableCSRFProtection' in dir(plone.protect.interfaces):
alsoProvides(self.request,
plone.protect.interfaces.IDisableCSRFProtection)
conversation = IConversation(self.context)
if self.comment_id and self.comment_id not in list(conversation):
self.request.response.setStatus(404)
return
# Fake request data
body = json_body(self.request)
for key, value in body.items():
self.request.form['form.widgets.' + key] = value
form = CommentForm(self.context, self.request)
form.update()
action = form.actions['comment']
data, errors = form.extractData()
if errors:
raise BadRequest({'errors': [err.error for err in errors]})
form.handleComment(form=form, action=action)
self.request.response.setStatus(204)
fix_location_header(self.context, self.request)
def transition(self):
if not hasattr(self, '_transition'):
self._transition = self.request.get('form.widgets.transition',
self.request.get('transition'))
if not self._transition:
raise BadRequest("A transition is required")
return self._transition
def testDebugExceptionsBypassesExceptionResponse(self):
from zExceptions import BadRequest
# Register an exception view for BadRequest
registerExceptionView(IException)
environ = self._makeEnviron()
start_response = DummyCallable()
_publish = DummyCallable()
_publish._raise = BadRequest('debugbypass')
# Responses will always have debug_exceptions set
def response_factory(stdout, stderr):
response = DummyResponse()
response.debug_exceptions = True
return response
try:
# With debug_exceptions, the exception view is not called.
with self.assertRaises(BadRequest):
self._callFUT(environ,
start_response,
_publish,
_response_factory=response_factory)
finally:
# Clean up view registration
unregisterExceptionView(IException)
def delete_permanently(self, REQUEST, uuid):
"""Permanently delete a trashed item by uuid.
"""
catalog = getToolByName(self.context, 'portal_catalog')
brains = catalog({'UID': uuid, 'trashed': True})
if len(brains) != 1:
raise BadRequest()
# The user maybe able to clean the trash, but depending on the workflow the user may not have
# delete permission in the given context
with api.env.adopt_roles(['Manager']):
path = brains[0].getPath()
obj = self.context.restrictedTraverse(path)
got_path = '/'.join(obj.getPhysicalPath())
if got_path != path:
raise ValueError(
'Unexpectly found path {!r} when looking for {!r}'.format(
got_path, path))
aq_parent(aq_inner(obj)).manage_immediatelyDeleteObjects(
[obj.getId()])
IStatusMessage(self.request).addStatusMessage(_(
u'statusmessage_content_permanently_deleted',
default=u'The content "${title}" has ben parmanently deleted.',
mapping={u'title': safe_unicode(obj.Title())}),
type='info')
return self.request.response.redirect(self.context.absolute_url() +
'/trash')
def __call__(self):
body = json.loads(self.request.get('BODY'))
url = body.get('url')
fileType = body.get('fileType')
fileTitle = body.get('fileTitle')
folderUID = body.get('folderUID')
if not url or not fileType or not fileTitle:
raise BadRequest(
u'Required url or fileType or fileTitle parameters not found.')
if not folderUID:
portal_url = getToolByName(self.context, "portal_url")
folder = portal_url.getPortalObject()
else:
folder = uuidToObject(folderUID)
if not getSecurityManager().checkPermission(AddPortalContent, folder):
response = self.request.RESPONSE
response.setStatus(403)
return "You are not authorized to add content to this folder."
fileName = fileUtils.getCorrectFileName(fileTitle + "." + fileType)
contentType = mimetypes.guess_type(fileName)[0] or ''
data = urlopen(url).read()
factory = IDXFileFactory(folder)
file = factory(fileName, contentType, data)
self.request.response.setHeader("Content-Type",
"application/json; charset=utf-8")
return json_dumps({"status": "success", "fileName": fileName})
def manage_changeProperties(self, REQUEST=None, **kw):
"""Change existing object properties.
Change object properties by passing either a REQUEST object or
name=value parameters
"""
if REQUEST is None:
props = {}
elif isinstance(REQUEST, dict):
props = REQUEST
else:
props = REQUEST.form
if kw:
for name, value in kw.items():
props[name] = value
propdict = self.propdict()
for name, value in props.items():
if self.hasProperty(name):
if not 'w' in propdict[name].get('mode', 'wd'):
raise BadRequest('%s cannot be changed' % escape(name))
self._updateProperty(name, value)
if REQUEST:
message = "Saved changes."
return self.manage_propertiesForm(self,
REQUEST,
manage_tabs_message=message)
def add(self, names):
data = json_body(self.request)
title = data.get("title", None)
if not title:
raise BadRequest("Property 'title' is required")
tid = data.get("id", None)
if not tid:
tid = idnormalizer.normalize(title).replace("-", "_")
description = data.get("description", "")
properties = {"id": tid, "title": title, "description": description}
# Disable CSRF protection
if "IDisableCSRFProtection" in dir(plone.protect.interfaces):
alsoProvides(self.request,
plone.protect.interfaces.IDisableCSRFProtection)
if IPloneRestapiLayer.providedBy(self.request):
noLongerProvides(self.request, IPloneRestapiLayer)
context = queryMultiAdapter((self.context, self.request),
name='dexterity-types')
add_type = queryMultiAdapter((context, self.request), name='add-type')
fti = add_type.form_instance.create(data=properties)
add_type.form_instance.add(fti)
return self.get([
tid,
])
def perform_custom_transition(self):
data = json_body(self.request)
self.disable_csrf_protection()
# TODO: Do we need to handle comments and publication dates
# etc. for dossier transitions like the original implementation does?
# For now we also extract these, but we don't do anything with them
# in the case of resolving a dossier.
comment = data.get('comment', '')
include_children = data.get('include_children', False)
publication_dates = self.parse_publication_dates(data)
args = [self.context], comment, publication_dates, include_children
if self.transition == 'dossier-transition-resolve':
self.resolve_dossier(*args)
elif self.transition == 'dossier-transition-activate':
self.activate_dossier(*args)
elif self.transition == 'dossier-transition-deactivate':
self.deactivate_dossier(*args)
elif self.transition == 'dossier-transition-reactivate':
self.reactivate_dossier(*args)
else:
raise BadRequest('Unexpected custom transition %r' %
self.transition)
def reply(self):
sm = getSecurityManager()
if len(self.query) > 0 and len(self.params) == 0:
query = self.query.get('query', '')
limit = self.query.get('limit', DEFAULT_SEARCH_RESULTS_LIMIT)
if query:
# Someone is searching users, check if he is authorized
if sm.checkPermission('Manage portal', self.context):
users = self._get_filtered_users(query, limit)
result = []
for user in users:
serializer = queryMultiAdapter(
(user, self.request),
ISerializeToJson
)
result.append(serializer())
return result
else:
self.request.response.setStatus(401)
return
else:
raise BadRequest("Query string supplied is not valid")
if len(self.params) == 0:
# Someone is asking for all users, check if he is authorized
if sm.checkPermission('Manage portal', self.context):
result = []
for user in self._get_users():
serializer = queryMultiAdapter(
(user, self.request),
ISerializeToJson
)
result.append(serializer())
return result
else:
self.request.response.setStatus(401)
return
# Some is asking one user, check if the logged in user is asking
# his own information or he is a Manager
mt = getToolByName(self.context, 'portal_membership')
current_user_id = mt.getAuthenticatedMember().getId()
if sm.checkPermission(
'plone.restapi: Access Plone user information', self.context) or \
(current_user_id and current_user_id == self._get_user_id):
# we retrieve the user on the user id not the username
user = self._get_user(self._get_user_id)
if not user:
self.request.response.setStatus(404)
return
serializer = queryMultiAdapter(
(user, self.request),
ISerializeToJson
)
return serializer()
else:
self.request.response.setStatus(401)
return
def manage_cutObjects(self, ids=None, REQUEST=None):
"""Put a reference to the objects named in ids in the clip board"""
if ids is None and REQUEST is not None:
raise BadRequest('No items specified')
elif ids is None:
raise ValueError('ids must be specified')
if isinstance(ids, str):
ids = [ids]
oblist = []
for id in ids:
ob = self._getOb(id)
if ob.wl_isLocked():
raise ResourceLockedError('Object "%s" is locked' % ob.getId())
if not ob.cb_isMoveable():
raise CopyError('Not Supported')
m = Moniker(ob)
oblist.append(m.dump())
cp = (1, oblist)
cp = _cb_encode(cp)
if REQUEST is not None:
resp = REQUEST['RESPONSE']
resp.setCookie('__cp', cp, path='%s' % cookie_path(REQUEST))
REQUEST['__cp'] = cp
return self.manage_main(self, REQUEST)
return cp
def read_params(self):
if len(self.params) != 2:
raise BadRequest(
"Must supply type and token ID as URL path parameters.")
return PARTICIPATION_TYPES_BY_PATH_IDENTIFIER.get(
self.params[0]), self.params[1]
def manage_delObjects(self, ids=None, uids=None, REQUEST=None):
"""Delete a subordinate object
The objects specified in 'ids' get deleted.
"""
if ids is None: ids = []
if uids is None: uids = []
if len(ids) > 0:
# Use default method
return ObjectManager.manage_delObjects(self, ids, REQUEST)
if not uids:
return MessageDialog(
title='No items specified',
message='No items were specified!',
action='./manage_main',
)
while uids:
uid = uids.pop()
ob = self.getPortalObject().portal_catalog.getObject(uid)
container = ob.aq_inner.aq_parent
id = ob.id
v = container._getOb(id, self)
if v is self:
raise BadRequest('%s does not exist' % id)
container._delObject(id)
if REQUEST is not None:
return self.manage_main(self, REQUEST, update_menu=1)
def __getitem__(self, name):
if name == "+":
# To-Do: Ideally this should be POST-only to protect
# against CSRF. It's not critical.
try:
layout = self.request.TraversalRequestNameStack.pop()
except IndexError:
raise BadRequest("Missing layout.")
def adding():
"""Add panel, then redirect to referer."""
self.addPanel(layout)
referer = (self.request.get('HTTP_REFERER')
or self.context.absolute_url())
return self.request.response.redirect(referer)
return ExplicitAcquisitionWrapper(adding, self)
for panel in self.getAssignments():
if panel.__name__ == name:
return panel.__of__(self)
raise KeyError(name)
def recurse_transition(self,
objs,
comment,
publication_dates,
include_children=False):
data = json_body(self.request)
for obj in objs:
if publication_dates:
deserializer = queryMultiAdapter((obj, self.request),
IDeserializeFromJson)
deserializer(data=publication_dates)
adapter = queryMultiAdapter((obj, getRequest()),
ITransitionExtender,
name=self.transition)
if adapter:
errors = adapter.validate_schema(data)
if errors:
raise BadRequest(errors)
self.wftool.doActionFor(obj,
self.transition,
comment=comment,
transition_params=data)
if include_children and IFolderish.providedBy(obj):
self.recurse_transition(obj.objectValues(), comment,
publication_dates, include_children)
def manage_changePermissions(self, REQUEST):
"""Change all permissions settings, called by management screen."""
valid_roles = self.valid_roles()
have = REQUEST.__contains__
permissions = self.ac_inherited_permissions(1)
fails = []
for ip in range(len(permissions)):
permission_name = permissions[ip][0]
permission_hash = _string_hash(permission_name)
roles = []
for role in valid_roles:
role_name = role
role_hash = _string_hash(role_name)
if have("permission_%srole_%s" % (permission_hash, role_hash)):
roles.append(role)
name, value = permissions[ip][:2]
try:
p = Permission(name, value, self)
if not have('acquire_%s' % permission_hash):
roles = tuple(roles)
p.setRoles(roles)
except Exception:
fails.append(name)
if fails:
raise BadRequest('Some permissions had errors: ' +
escape(', '.join(fails), True))
if REQUEST is not None:
return self.manage_access(REQUEST)
def add_field(context, request, data):
factory = data.get("factory", None)
title = data.get("title", None)
description = data.get("description", None)
required = data.get("required", False)
name = data.get("id", None)
if not name:
name = idnormalizer.normalize(title).replace("-", "_")
klass = None
vocabulary = queryUtility(IVocabularyFactory, name="Fields")
for term in vocabulary(context):
if factory not in (term.title, term.token):
continue
klass = term.value
break
if not klass:
raise BadRequest("Missing/Invalid parameter factory: %s" % factory)
add = queryMultiAdapter((context, request), name="add-field")
properties = {
"title": title,
"__name__": name,
"description": description,
"factory": klass,
"required": required,
}
field = add.form_instance.create(data=properties)
add.form_instance.add(field)
return get_info_for_field(context, request, name)
def reply(self):
if len(self.query) > 0 and len(self.params) == 0:
query = self.query.get('query', '')
limit = self.query.get('limit', DEFAULT_SEARCH_RESULTS_LIMIT)
if query:
groups = self._get_filtered_groups(query, limit)
result = []
for group in groups:
serializer = queryMultiAdapter((group, self.request),
ISerializeToJsonSummary)
result.append(serializer())
return result
else:
raise BadRequest("Query string supplied is not valid")
if len(self.params) == 0:
result = []
for group in self._get_groups():
serializer = queryMultiAdapter((group, self.request),
ISerializeToJsonSummary)
result.append(serializer())
return result
# we retrieve the user on the user id not the username
group = self._get_group(self._get_group_id)
if not group:
self.request.response.setStatus(404)
return
serializer = queryMultiAdapter((group, self.request), ISerializeToJson)
return serializer()
def send_data(self):
subject = self.form_data.get("subject", "") or self.block.get(
"default_subject", "")
mfrom = self.form_data.get("from", "") or self.block.get(
"default_from", "")
mreply_to = self.get_reply_to()
if not subject or not mfrom:
raise BadRequest(
translate(
_(
"send_required_field_missing",
default="Missing required field: subject or from.",
),
context=self.request,
))
portal = api.portal.get()
overview_controlpanel = getMultiAdapter((portal, self.request),
name="overview-controlpanel")
if overview_controlpanel.mailhost_warning():
raise BadRequest("MailHost is not configured.")
registry = getUtility(IRegistry)
mail_settings = registry.forInterface(IMailSchema, prefix="plone")
mto = self.block.get("default_to", mail_settings.email_from_address)
encoding = registry.get("plone.email_charset", "utf-8")
message = self.prepare_message()
msg = EmailMessage()
msg.set_content(message)
msg["Subject"] = subject
msg["From"] = mfrom
msg["To"] = mto
msg["Reply-To"] = mreply_to
msg.replace_header("Content-Type", 'text/html; charset="utf-8"')
self.manage_attachments(msg=msg)
self.send_mail(msg=msg, encoding=encoding)
for bcc in self.get_bcc():
# send a copy also to the fields with bcc flag
msg.replace_header("To", bcc)
self.send_mail(msg=msg, encoding=encoding)
def checkValidId(self, id, allow_dup=0):
# If allow_dup is false, an error will be raised if an object
# with the given id already exists. If allow_dup is true,
# only check that the id string contains no illegal chars;
# check_valid_id() will be called again later with allow_dup
# set to false before the object is added.
if not id or not isinstance(id, str):
if isinstance(id, unicode):
id = escape(id)
raise BadRequest('Empty or invalid id specified', id)
if bad_id(id) is not None:
raise BadRequest(
'The id "%s" contains characters illegal in URLs.' % escape(id))
if id in ('.', '..'):
raise BadRequest(
'The id "%s" is invalid because it is not traversable.' % id)
if id.startswith('_'):
raise BadRequest(
'The id "%s" is invalid because it '
'begins with an underscore.' % id)
if id.startswith('aq_'):
raise BadRequest(
'The id "%s" is invalid because it begins with "aq_".' % id)
if id.endswith('__'):
raise BadRequest(
'The id "%s" is invalid because it '
'ends with two underscores.' % id)
if not allow_dup:
obj = getattr(self, id, None)
if obj is not None:
# An object by the given id exists either in this
# ObjectManager or in the acquisition path.
flags = getattr(obj, '__replaceable__', NOT_REPLACEABLE)
if hasattr(aq_base(self), id):
# The object is located in this ObjectManager.
if not flags & REPLACEABLE:
raise BadRequest(
'The id "%s" is invalid - it is already in use.' % id)
# else the object is replaceable even if the UNIQUE
# flag is set.
elif flags & UNIQUE:
raise BadRequest('The id "%s" is reserved.' % id)
if id == 'REQUEST':
raise BadRequest('REQUEST is a reserved name.')
if '/' in id:
raise BadRequest(
'The id "%s" contains characters illegal in URLs.' % id)
def __call__(self):
"""Answer for the webservice."""
wa_path = self.request.form.get('wa', False)
year = self.request.form.get('year', False)
#import ipdb; ipdb.set_trace()
# self.context.gwopa_year_phases[1]
#{'end': 'June 11, 2021', 'end_iso': '2021-06-11', 'pattern_end': '2021,5,11', 'start': 'June 11, 2020', 'pattern_start': '2020,5,11', 'start_iso': '2020-06-11', 'fase': 2}
if not wa_path:
BadRequest('Working area are required')
if not year:
BadRequest('Year are required')
results = []
titles = []
values = [{'data': []}]
if wa_path:
activities = api.content.find(portal_type=['Activity'],
path={
'query': wa_path,
'depth': 1
})
for act in activities:
outputs = api.content.find(portal_type=['Output'],
path={
'query': act.getPath(),
'depth': 1
})
for output in outputs:
titles.append(output.Title)
annotations = IAnnotations(output.getObject())
KEY = "GWOPA_TARGET_YEAR_" + str(year)
if annotations[KEY]['planned'] == '' or annotations[KEY][
'monitoring'] == '' or annotations[KEY][
'monitoring']['progress'] == '':
value = 0
else:
planned = annotations[KEY]['planned']
real = annotations[KEY]['monitoring']['progress']
value = percentage(real, planned)
values[0]['data'].append(value)
results.append(titles)
results.append(values)
self.request.response.setHeader("Content-type", "application/json")
return json.dumps(results)
else:
return None
def __call__(self):
transition = self.request.get('transition')
if not transition:
raise BadRequest('transition')
handler = self._interceptors.get(
transition, self.__class__.redirect_to_content_status_modify)
return handler(self, self.context, transition)
def _delProperty(self, id):
# Delete the property with the given id. If a property with the
# given id does not exist, a ValueError is raised.
if not self.hasProperty(id):
raise BadRequest('The property %s does not exist.' %
escape(id, True))
vself = self.v_self()
if hasattr(vself, '_reserved_names'):
nd = vself._reserved_names
else:
nd = ()
if ('d' not in self.propertyInfo(id).get('mode', 'wd')) or (id in nd):
raise BadRequest('%s cannot be deleted.' % escape(id, True))
delattr(vself, id)
pself = self.p_self()
pself._properties = tuple(
[i for i in pself._properties if i['id'] != id])
def validate(*args, **kwargs):
registry = getUtility(IRegistry)
settings = registry.forInterface(ISearchSettings)
if not settings.use_solr:
raise BadRequest("Solr is deactivated. The @listing endpoint is "
"only available with an activated solr")
return func(*args, **kwargs)
def validate_form(self, form_data):
"""
check all required fields and parameters
"""
for field in ["channels", "email"]:
if not form_data.get(field, ""):
raise BadRequest(
"Campo obbligatorio mancante: {}".format(field))
def reply(self):
alsoProvides(self.request, IDisableCSRFProtection)
if not self.id:
raise BadRequest("Missing id")
tool = getUtility(self.store)
res = tool.delete(id=self.id)
if not res:
return self.reply_no_content()
if res.get("error", "") == "NotFound":
raise BadRequest('Unable to find item with id "{}"'.format(self.id))
self.request.response.setStatus(500)
return dict(
error=dict(
type="InternalServerError",
message="Unable to delete item. Contact site manager.",
)
)
def validate_additional_schema(self, data, schema):
"""This will validate the values in data corresponding to
the fields from schema, check that all required fields are
in data, and validate the invariants.
"""
errors = get_validation_errors(self.context, data, schema)
if errors:
raise BadRequest(errors)
def reply(self):
if len(self.params) < 2:
raise BadRequest("Can't delete Control Panel: %s" % self.params)
panel = self.panel_by_name(self.params[0])
panel.delete(self.params[1:])
return self.reply_no_content()
