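def POST(self):
    """Authorize the caller for this handler's operation, then run it.

    Flow, as visible in this method:
      1. A request without a session token is logged in as the anonymous
         account, so every later check has a token to work with.
      2. The operation bound to this handler class is looked up; a handler
         with no operation is treated as a configuration error (CoreError).
      3. The resource parameters the operation declares are resolved and
         passed to ``user.has_permission`` together with the user id.
      4. Only on a positive permission result is ``self.execute()`` called.

    Returns:
        The value of ``self.execute()`` on success, otherwise the JSON
        produced by ``self._new_rtn(e=e).to_json()`` for the caught error.
    """
    rtn = None
    try:
        # `is False` is kept deliberately: only an explicit False triggers
        # the anonymous login.
        if session.has_token() is False:
            anonymous_user = user.login(user.ANONYMOUS_ACCOUNT_NAME, None)
            session.set_token(anonymous_user)

        operation = user.get_operation(handler_class=self.get_qualified_name())
        if operation is None:
            # Fail closed: a handler that is not mapped to an operation is
            # never executed.
            # NOTE(review): the format string and its argument are passed
            # separately; presumably CoreError interpolates them - confirm.
            raise CoreError("%s is not related to operation.", self.get_qualified_name())

        paramnames = operation.get_resource_oql_paramnames()
        oqlparams = self._get_resource_oql_params(paramnames)
        allowed = user.has_permission(
            self._get_user_id(), operation.operation_key, oqlparams=oqlparams)
        if not allowed:
            # A denied anonymous caller is reported as an expired session,
            # a denied authenticated caller as unauthorized.
            if session.get_token().is_anonymous():
                raise SessionExpiredError(session.get_token())
            raise UnauthorizedError()

        rtn = self.execute()
    except BaseException as e:
        # BaseException also covers SystemExit, KeyboardInterrupt and
        # GeneratorExit; the breadth is kept because callers may rely on
        # always getting a JSON error back.
        # NOTE(review): consider narrowing to Exception once that is confirmed.
        # The traceback goes to the server log only.
        # NOTE(review): confirm _new_rtn(e=e) does not expose internal detail
        # (paths, queries, stack data) to the client.
        msg = str(e)
        msg += traceback.format_exc()
        log.get_logger().error(msg)
        rtn = self._new_rtn(e=e).to_json()
    # The visible body assigned rtn on both paths but never returned it, so
    # the handler always answered None; hand the result back.
    return rtn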
def _get_resource_oql_params(self, paramnames):
    """Resolve a value for every resource parameter name in *paramnames*.

    Each name is looked up first as an attribute of the current session
    token and only then in the data returned by ``self._get_data()``.

    Returns:
        A dict mapping each parameter name to its resolved value; empty when
        *paramnames* is empty (``_get_data()`` is not called in that case).

    Raises:
        UnauthorizedError: a name is found on neither the token nor the data.
    """
    resolved = {}
    if len(paramnames) == 0:
        return resolved

    request_data = self._get_data()
    for name in paramnames:
        # The session token wins over request data, so a value the token
        # carries cannot be overridden by a same-named field in the data.
        if hasattr(session.get_token(), name):
            resolved[name] = getattr(session.get_token(), name)
        # NOTE(review): values taken from _get_data() are presumably
        # caller-supplied; they feed the permission check in POST, so confirm
        # has_permission treats them as untrusted input.
        elif request_data.has_key(name):
            resolved[name] = request_data[name]
        else:
            # A missing parameter is rejected instead of being defaulted.
            raise UnauthorizedError()
    return resolved
def execute(self):
    """Build the dynamic JavaScript bootstrap returned to the client.

    Sets the response Content-Type to ``application/x-javascript`` and
    returns script text that defines, in order: ``I18N`` (translations for
    every supported language plus the preferred language), ``G_VERSION``,
    ``EMPTY_UID``, ``LOGIN_USER`` (the current session token serialized via
    ``to_dict()``), followed by the output of ``conf.dynamicjs_hook()``.
    """
    web.header("Content-Type", "application/x-javascript")

    translations = {}
    for locale in conf.get_supported_languages():
        translations[locale] = i18n.fetch_i18ns(locale=locale, return_dic=True)

    # NOTE(review): LOGIN_USER exposes whatever session token to_dict()
    # returns. decrypt_password reads an `rsa_key` attribute off the same
    # token; confirm to_dict() leaves that and any other secret out.
    # NOTE(review): this response is executable script carrying per-user
    # data, and a script can be included from another origin. Confirm the
    # endpoint is protected against cross-site script inclusion, or serve
    # the user data as JSON instead.
    # NOTE(review): the two '%s' values are placed inside JS string literals
    # without escaping. They come from conf here; confirm they can never
    # contain a quote or a backslash.
    pieces = [
        "var I18N = {",
        "translations : %s," % jsonutil.to_json(translations),
        "defaultLanguage : '%s'" % conf.get_preferred_language(),
        "};",
        "var G_VERSION='%s';" % conf.G_VERSION,
        "var EMPTY_UID=%d;" % model.EMPTY_UID,
        "var LOGIN_USER=%s;" % jsonutil.to_json(session.get_token().to_dict()),
    ]
    script = "".join(pieces)
    # The hook's output is appended verbatim as script text.
    script += conf.dynamicjs_hook()
    return script
def _get_user_id(self):
    """Return the ``user_id`` of the current session token.

    The id is read from the session token, not from request data.
    """
    token = session.get_token()
    return token.user_id
def decrypt_password(password):
    """Decrypt a hex-encoded, RSA-encrypted password for the current session.

    Args:
        password: hex text of the ciphertext; it is decoded with the
            Python 2 ``'hex'`` codec before decryption.

    Returns:
        Whatever ``cryptoutil.rsa_decrypt`` returns for the decoded
        ciphertext and the session token's ``rsa_key``.
    """
    ciphertext = password.decode('hex')
    # NOTE(review): the padding scheme used by cryptoutil.rsa_decrypt is not
    # visible here; confirm it is OAEP. Also confirm callers report a failed
    # decryption the same way as a wrong password, so the response does not
    # reveal padding validity.
    session_key = session.get_token().rsa_key
    return cryptoutil.rsa_decrypt(ciphertext, session_key)