def _handle_dropping_privs(self, environ, req_uri):
    """
    Decide whether the signed-in user keeps their identity for this
    request; when not, hand the request to self._drop_privs(environ).

    The method returns without dropping anything when:

    * the user is already GUEST;
    * determine_space() finds no space for the request host;
    * a GET under /bags/ targets a bag listed by the space recipe, one
      of the space's extra bags, or an ADMIN_BAGS entry;
    * any other method under /bags/ targets one of the space's own
      bags, an ADMIN_BAGS entry, or a recipe bag that none of
      Space.bag_is_public / bag_is_private / bag_is_associate accepts;
    * a request under /recipes/ targets one of the space's recipes.

    Everything else reaches self._drop_privs(environ).
    """
    if environ['tiddlyweb.usersign']['name'] == 'GUEST':
        # Nothing to drop for GUEST.
        return

    host, _ = determine_host(environ)
    space_name = determine_space(environ, host)
    if space_name == None:
        return

    space = Space(space_name)
    store = environ['tiddlyweb.store']
    # '/bags/<name>/...' or '/recipes/<name>/...' -> '<name>'.
    # NOTE(review): the segment is used exactly as it appears in req_uri
    # and a URI with fewer than two '/' raises IndexError here;
    # presumably the caller only passes /bags/... and /recipes/... URIs
    # -- verify.
    target = req_uri.split('/')[2]

    if req_uri.startswith('/bags/'):
        space_recipe = store.get(
            Recipe(determine_space_recipe(environ, space_name)))
        in_recipe = [
            name
            for name, _ in space_recipe.get_recipe(recipe_template(environ))
        ]
        in_recipe.extend(space.extra_bags())

        if environ['REQUEST_METHOD'] == 'GET':
            # Reads: any bag the recipe pulls in is fine.
            if target in in_recipe or target in ADMIN_BAGS:
                return
        else:
            # Other methods: the list is narrower than for GET.
            own_bags = space.list_bags()
            # Keep recipe bags that may have been added through recipe
            # management, i.e. those that are neither included from
            # elsewhere nor core bags.
            allowed = []
            for name in in_recipe:
                is_core = (Space.bag_is_public(name)
                           or Space.bag_is_private(name)
                           or Space.bag_is_associate(name))
                if not is_core:
                    allowed.append(name)
            allowed.extend(own_bags)
            allowed.extend(ADMIN_BAGS)
            if target in allowed:
                return

    own_recipe = (req_uri.startswith('/recipes/')
                  and target in space.list_recipes())
    if not own_recipe:
        self._drop_privs(environ)
def _handle_dropping_privs(self, environ, req_uri):
    """
    Call self._drop_privs(environ) unless the request targets a bag or
    recipe that belongs to the space being visited.

    GUEST requests and requests for which determine_space() returns
    None are left alone. For /bags/ URIs the allowed set depends on the
    request method: GET accepts every bag in the space recipe, the
    space's extra bags and ADMIN_BAGS; other methods accept the space's
    own bags, ADMIN_BAGS, and recipe bags rejected by all three of
    Space.bag_is_public, Space.bag_is_private and
    Space.bag_is_associate. For /recipes/ URIs the recipe must be in
    space.list_recipes().
    """
    usersign = environ['tiddlyweb.usersign']
    if usersign['name'] == 'GUEST':
        return

    http_host, _ = determine_host(environ)
    current_space = determine_space(environ, http_host)
    if current_space == None:
        return

    space = Space(current_space)
    store = environ['tiddlyweb.store']
    # Name of the bag or recipe: the segment after the first path part.
    # NOTE(review): compared below without any unquoting -- confirm
    # req_uri is already decoded when it gets here.
    container = req_uri.split('/')[2]

    keep_privs = False
    if req_uri.startswith('/bags/'):
        recipe_name = determine_space_recipe(environ, current_space)
        space_recipe = store.get(Recipe(recipe_name))
        template = recipe_template(environ)
        recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
        recipe_bags.extend(space.extra_bags())

        method = environ['REQUEST_METHOD']
        if method == 'GET':
            keep_privs = (container in recipe_bags
                          or container in ADMIN_BAGS)
        else:
            base_bags = space.list_bags()

            def is_core(bag):
                # True for bags named like public, private or associate
                # bags, as judged by the Space helpers.
                return (Space.bag_is_public(bag)
                        or Space.bag_is_private(bag)
                        or Space.bag_is_associate(bag))

            # Bags in the recipe which may have been added by recipe
            # management: those that are not included and not core.
            acceptable = [bag for bag in recipe_bags if not is_core(bag)]
            acceptable.extend(base_bags)
            acceptable.extend(ADMIN_BAGS)
            keep_privs = container in acceptable

    if keep_privs:
        return

    if req_uri.startswith('/recipes/'):
        if container in space.list_recipes():
            return

    self._drop_privs(environ)
    return
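def _handle_core_request(self, environ, req_uri):
    """
    Override a core request, adding filters or sending 404s where
    necessary to limit the view of entities.

    Filtering can be disabled with a custom HTTP header X-ControlView
    set to false.

    Nothing is done when determine_host() reports the same value for
    the request host and the server host, when the header above is
    sent, or when determine_space() returns None. Otherwise:

    * for /recipes, /bags and /search (URIs containing a single '/') an
      'oom=' filter naming the space's recipes or bags is inserted at
      the front of environ['tiddlyweb.filters'];
    * for any other URI the third '/'-separated segment names an
      entity, and HTTP404 is raised unless it is one of the space's
      recipes (URI contains '/recipes/') or one of the collected bags.

    HTTP404 is also raised when the space's recipe is not in the store.
    """
    http_host, host_url = determine_host(environ)

    # NOTE(review): X-ControlView is a request header, so any client can
    # switch this filtering off. That is only safe if bag and recipe
    # policies are enforced elsewhere -- confirm this method is never the
    # sole access control.
    disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
    if http_host == host_url or disable_ControlView:
        return

    space_name = determine_space(environ, http_host)
    if space_name is None:
        return

    recipe_name = determine_space_recipe(environ, space_name)
    store = environ['tiddlyweb.store']
    try:
        recipe = store.get(Recipe(recipe_name))
    except NoRecipeError, exc:
        # Interpolate the cause; passing it as a second argument left
        # the '%s' placeholder unformatted in the message.
        raise HTTP404('No recipe for space: %s' % exc)

    space = Space(space_name)
    template = recipe_template(environ)
    # Copy, so the additions below never modify the list handed back by
    # Space.extra_bags().
    bags = list(space.extra_bags())
    bags.extend(bag for bag, _ in recipe.get_recipe(template))
    bags.extend(ADMIN_BAGS)

    is_collection = req_uri.count('/') == 1
    filter_string = None
    # The names are joined with ',' into a filter expression.
    # assumes bag and recipe names never contain ',' -- TODO confirm
    if is_collection and req_uri.startswith('/recipes'):
        if recipe_name == space.private_recipe():
            names = space.list_recipes()
        else:
            names = [space.public_recipe()]
        filter_string = 'oom=name:' + ','.join(names)
    elif is_collection and req_uri.startswith('/bags'):
        filter_string = 'oom=name:' + ','.join(bags)
    elif is_collection and req_uri.startswith('/search'):
        filter_string = 'oom=bag:' + ','.join(bags)
    else:
        # NOTE(review): the name is compared exactly as it appears in
        # req_uri; if req_uri is still percent-encoded, names with
        # escaped characters will not match and get a 404 -- confirm.
        entity_name = req_uri.split('/')[2]
        if '/recipes/' in req_uri:
            if entity_name not in space.list_recipes():
                raise HTTP404('recipe %s not found' % entity_name)
        elif entity_name not in bags:
            raise HTTP404('bag %s not found' % entity_name)

    if filter_string:
        filters, _ = parse_for_filters(filter_string)
        # Each filter goes in at index 0, ahead of any filters already
        # present in environ['tiddlyweb.filters'].
        for single_filter in filters:
            environ['tiddlyweb.filters'].insert(0, single_filter)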
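def _handle_core_request(self, environ, req_uri, start_response):
    """
    Override a core request, adding filters or sending 404s where
    necessary to limit the view of entities.

    Filtering can be disabled with a custom HTTP header X-ControlView
    set to false.

    Returns the result of list_entities() for the /recipes and /bags
    listings (URIs containing a single '/'), restricted to the recipes
    or bags of the current space. Returns None in every other case:

    * the request host equals the server host, the header above is
      sent, or determine_space() returns None -- nothing is changed;
    * /search -- the 'q' entry of environ['tiddlyweb.query'] is
      rewritten so it is ANDed with a 'bag:' clause per collected bag,
      and the incoming query is kept in
      environ['tiddlyweb.query.original'];
    * any other URI -- the third '/'-separated segment is unquoted and
      must name one of the space's recipes (URI contains '/recipes/')
      or one of the collected bags, otherwise HTTP404 is raised.

    HTTP404 is also raised when the space's recipe is not in the store.
    """
    http_host, host_url = determine_host(environ)

    # NOTE(review): X-ControlView is a request header, so any client can
    # switch this filtering off. That is only safe if bag and recipe
    # policies are enforced elsewhere -- confirm this method is never the
    # sole access control.
    disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
    if http_host == host_url or disable_ControlView:
        return None

    space_name = determine_space(environ, http_host)
    if space_name is None:
        return None

    recipe_name = determine_space_recipe(environ, space_name)
    store = environ['tiddlyweb.store']
    try:
        recipe = store.get(Recipe(recipe_name))
    except NoRecipeError, exc:
        # Interpolate the cause; passing it as a second argument left
        # the '%s' placeholder unformatted in the message.
        raise HTTP404('No recipe for space: %s' % exc)

    space = Space(space_name)
    template = recipe_template(environ)
    # Copy, so the additions below never modify the list handed back by
    # Space.extra_bags().
    bags = list(space.extra_bags())
    bags.extend(bag for bag, _ in recipe.get_recipe(template))
    bags.extend(ADMIN_BAGS)

    is_collection = req_uri.count('/') == 1
    search_string = None
    if is_collection and req_uri.startswith('/recipes'):
        serialize_type, mime_type = get_serialize_type(environ)
        serializer = Serializer(serialize_type, environ)
        if recipe_name == space.private_recipe():
            recipes = space.list_recipes()
        else:
            recipes = [space.public_recipe()]

        def lister():
            # Loop variable named so it does not shadow the outer
            # 'recipe' object.
            for name in recipes:
                yield Recipe(name)

        return list_entities(environ, start_response, mime_type, lister,
                serializer.list_recipes)
    elif is_collection and req_uri.startswith('/bags'):
        serialize_type, mime_type = get_serialize_type(environ)
        serializer = Serializer(serialize_type, environ)

        def lister():
            for name in bags:
                yield Bag(name)

        return list_entities(environ, start_response, mime_type, lister,
                serializer.list_bags)
    elif is_collection and req_uri.startswith('/search'):
        # NOTE(review): an empty bags list would leave this string empty
        # and the search unrestricted; presumably ADMIN_BAGS is never
        # empty -- verify.
        search_string = ' OR '.join(['bag:%s' % bag for bag in bags])
    else:
        entity_name = urllib.unquote(
                req_uri.split('/')[2]).decode('utf-8')
        if '/recipes/' in req_uri:
            if entity_name not in space.list_recipes():
                raise HTTP404('recipe %s not found due to ControlView'
                        % entity_name)
        elif entity_name not in bags:
            raise HTTP404('bag %s not found due to ControlView'
                    % entity_name)

    if search_string:
        search_query = environ['tiddlyweb.query'].get('q', [''])[0]
        environ['tiddlyweb.query.original'] = search_query
        if search_query:
            # Group the caller's query so boolean operators inside it
            # cannot change how the appended bag restriction applies.
            # NOTE(review): grouping does not cope with unbalanced
            # parentheses in the query; how the search backend treats
            # those is not visible here.
            search_query = '(%s) AND (%s)' % (search_query, search_string)
            environ['tiddlyweb.query']['q'][0] = search_query
        else:
            environ['tiddlyweb.query']['q'] = ['(%s)' % search_string]
    return None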
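def _handle_core_request(self, environ, req_uri, start_response):
    """
    Override a core request, adding filters or sending 404s where
    necessary to limit the view of entities.

    Filtering can be disabled with a custom HTTP header X-ControlView
    set to false.

    When the request host differs from the server host (both taken from
    determine_host()), the header is not sent and determine_space()
    names a space, the request is limited to that space:

    * /recipes and /bags listings (URIs containing a single '/') are
      answered here through list_entities(), whose result is returned;
    * /search has its 'q' query ANDed with a 'bag:' clause for every
      collected bag; the incoming query is saved in
      environ['tiddlyweb.query.original'];
    * any other URI must name, in its unquoted third '/'-separated
      segment, one of the space's recipes (URI contains '/recipes/') or
      one of the collected bags, else HTTP404 is raised.

    Returns None whenever no listing is produced. HTTP404 is also
    raised when the space's recipe is not in the store.
    """
    http_host, host_url = determine_host(environ)

    # NOTE(review): the opt-out below is read from a client-supplied
    # header, so this method narrows what is shown but cannot be relied
    # on as access control -- confirm policies are enforced elsewhere.
    disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
    if disable_ControlView or http_host == host_url:
        return None

    space_name = determine_space(environ, http_host)
    if space_name is None:
        return None

    recipe_name = determine_space_recipe(environ, space_name)
    store = environ['tiddlyweb.store']
    try:
        recipe = store.get(Recipe(recipe_name))
    except NoRecipeError, exc:
        # '%' formats the cause into the message; the original passed it
        # as a separate argument and the placeholder stayed literal.
        raise HTTP404('No recipe for space: %s' % exc)

    space = Space(space_name)
    template = recipe_template(environ)
    # Work on a copy of whatever Space.extra_bags() returns.
    bags = list(space.extra_bags())
    for bag_name, _ in recipe.get_recipe(template):
        bags.append(bag_name)
    bags.extend(ADMIN_BAGS)

    single_segment = req_uri.count('/') == 1
    search_string = None
    if single_segment and req_uri.startswith('/recipes'):
        serialize_type, mime_type = get_serialize_type(environ)
        serializer = Serializer(serialize_type, environ)
        if recipe_name == space.private_recipe():
            recipes = space.list_recipes()
        else:
            recipes = [space.public_recipe()]

        def lister():
            # 'recipe_name_' avoids shadowing names of the enclosing
            # scope.
            for recipe_name_ in recipes:
                yield Recipe(recipe_name_)

        return list_entities(environ, start_response, mime_type, lister,
                serializer.list_recipes)
    elif single_segment and req_uri.startswith('/bags'):
        serialize_type, mime_type = get_serialize_type(environ)
        serializer = Serializer(serialize_type, environ)

        def lister():
            for bag_name in bags:
                yield Bag(bag_name)

        return list_entities(environ, start_response, mime_type, lister,
                serializer.list_bags)
    elif single_segment and req_uri.startswith('/search'):
        # Bag names are interpolated into the query text as-is.
        # assumes they contain no query-syntax characters -- TODO confirm
        search_string = ' OR '.join(['bag:%s' % name for name in bags])
    else:
        entity_name = urllib.unquote(
                req_uri.split('/')[2]).decode('utf-8')
        if '/recipes/' in req_uri:
            valid_recipes = space.list_recipes()
            if entity_name not in valid_recipes:
                raise HTTP404(
                        'recipe %s not found due to ControlView' %
                        entity_name)
        elif entity_name not in bags:
            raise HTTP404('bag %s not found due to ControlView' %
                    entity_name)

    if search_string:
        query = environ['tiddlyweb.query']
        search_query = query.get('q', [''])[0]
        environ['tiddlyweb.query.original'] = search_query
        if search_query:
            # The caller's query is wrapped in its own group so that
            # operators inside it cannot regroup with the bag
            # restriction appended here.
            # NOTE(review): unbalanced parentheses in the query are not
            # handled; confirm how the search backend treats them.
            query['q'][0] = '(%s) AND (%s)' % (search_query, search_string)
        else:
            query['q'] = ['(%s)' % search_string]
    return None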