def read(self, id):
allowed = shift.isPublic(id)
if not allowed:
loggedInUser = helper.getLoggedInUser()
if loggedInUser and shift.canRead(id, loggedInUser.get("_id")):
return data(shift.read(id))
else:
return error("Operation not permitted. You don't have permission to view this shift.", PermissionError)
else:
return data(shift.read(id))
def comment(self, id):
loggedInUser = helper.getLoggedInUser()
jsonData = helper.getRequestBody()
if jsonData != "":
theData = json.loads(jsonData)
if shift.canComment(id, loggedInUser["_id"]):
theUser = user.readById(loggedInUser["_id"])
theShift = shift.read(id)
event.create({
"meta": "comment",
"objectRef": "shift:%s" % id,
"streamId": shift.commentStream(id),
"displayString": "%s just commented on your %s on %s" % (theUser["userName"], theShift["space"]["name"], theShift["href"]),
"createdBy": loggedInUser["_id"],
"content": {
"href": theShift["href"],
"domain": theShift["domain"],
"text": theData["text"]
}
})
return ack
else:
return error("Operation not permitted. You don't have permission to comment on this shift.", PermissionError)
else:
return error("No data for comment.", NoDataError)
def unpublish(self, id):
loggedInUser = helper.getLoggedInUser()
theShift = shift.read(id)
if loggedInUser and shift.canUnpublish(id, loggedInUser['_id']):
shift.unpublish(id)
return ack
else:
return error("Operation not permitted. You don't have permission to publish this shift.", PermissionError)
def publish(self, id):
# NOTE: should mabye take publishData url parameter - David 9/5/2009
loggedInUser = helper.getLoggedInUser()
publishData = json.loads(helper.getRequestBody())
theShift = shift.read(id)
if loggedInUser and shift.canPublish(id, loggedInUser['_id']):
shift.publish(id, publishData)
return ack
else:
return error("Operation not permitted. You don't have permission to publish this shift.", PermissionError)
def proxy(self, id):
"""
Serves the proxy. Takes a shift id and returns the original page
where the shift was created, injects the required Javascript and CSS
and recreates the shift. All scripts and onload handlers are removed
from the original page to prevent interference with shift loading.
"""
try:
import models.shift as shift
from urllib import FancyURLopener, urlcleanup
from lxml.html import fromstring, tostring
from linkprocessor import LinkProcessor
except:
return self.statusPage(status="err", details="proxy")
class FancyOpener(FancyURLopener):
version = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1"
pageopener = FancyOpener()
theShift = shift.read(id)
if theShift['type'] != 'shift':
return self.statusPage(status="err", details="proxyperm")
shiftId = theShift["_id"]
space = theShift["space"]["name"]
url = theShift["href"]
created = theShift["created"]
userName = theShift["userName"]
# clear the urllib cache
urlcleanup()
page = pageopener.open(url)
source = page.read()
linkprocessor = LinkProcessor();
linkprocessor.parse(source);
linkprocessor.set_url(url)
dom = linkprocessor.get_dom()
[node.drop_tree() for node in dom.cssselect("script")]
for node in dom.cssselect("*[onload]"):
del node.attrib['onload']
# load the space attributes
fh = open(os.path.join("spaces", space, "attrs.json"))
attrs = fh.read()
fh.close()
attrs = self.absolutify(json.loads(attrs))
# load the scripts
source = tostring(dom)
server = "http://localhost:%s" % serverport
ctxt = {
"server": server,
"spacesDir": "/".join([server, "spaces"]),
"shiftId": shiftId,
"space": space,
"shift": json.dumps(theShift),
"attrs": json.dumps(attrs),
}
t = Template(filename="server/bootstrap.mako", lookup=lookup)
source = source.replace("</head>", "%s</head>" % t.render(**ctxt))
# load proxy message
t = Template(filename="server/proxymessage.mako", lookup=lookup)
ctxt = {
"space": space,
"href": url,
"created": created,
"userName": userName,
}
source = source.replace("</body>", "%s</body>" % t.render(**ctxt))
return source