def DELETE(self, REQUEST, RESPONSE):
"""Delete a collection resource. For collection resources, DELETE
may return either 200 (OK) or 204 (No Content) to indicate total
success, or may return 207 (Multistatus) to indicate partial
success. Note that in Zope a DELETE currently never returns 207."""
from webdav.davcmds import DeleteCollection
self.dav__init(REQUEST, RESPONSE)
ifhdr = REQUEST.get_header('If', '')
url = urlfix(REQUEST['URL'], 'DELETE')
name = unquote(filter(None, url.split('/'))[-1])
parent = self.aq_parent
sm = getSecurityManager()
token = None
# if re.match("/Control_Panel",REQUEST['PATH_INFO']):
# RESPONSE.setStatus(403)
# RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
# return RESPONSE
# Level 1 of lock checking (is the collection or its parent locked?)
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
raise Locked
elif wl_isLocked(parent):
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
raise PreconditionFailed
# Second level of lock\conflict checking (are any descendants locked,
# or is the user not permitted to delete?). This results in a
# multistatus response
if ifhdr:
tokens = self.wl_lockTokens()
for tok in tokens:
# We already know that the simple if handler succeeded,
# we just want to get the right token out of the header now
if ifhdr.find(tok) > -1:
token = tok
cmd = DeleteCollection()
result = cmd.apply(self, token, sm, REQUEST['URL'])
if result:
# There were conflicts, so we need to report them
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
else:
# There were no conflicts, so we can go ahead and delete
# ajung: additional check if we really could delete the collection
# (Collector #2196)
if parent.manage_delObjects([name], REQUEST=None) is None:
RESPONSE.setStatus(204)
else:
RESPONSE.setStatus(403)
return RESPONSE
def test_wl_isLocked(self):
from OFS.Lockable import wl_isLocked
unlockable = UnlockableResource()
self.assertFalse(wl_isLocked(unlockable))
lockable_unlocked = LockableResource(locked=False)
self.assertFalse(wl_isLocked(lockable_unlocked))
lockable_locked = LockableResource(locked=True)
self.assertTrue(wl_isLocked(lockable_locked))
def test_wl_isLocked(self):
from OFS.Lockable import wl_isLocked
unlockable = UnlockableResource()
self.assertFalse(wl_isLocked(unlockable))
lockable_unlocked = LockableResource(locked=False)
self.assertFalse(wl_isLocked(lockable_unlocked))
lockable_locked = LockableResource(locked=True)
self.assertTrue(wl_isLocked(lockable_locked))
def DELETE(self, REQUEST, RESPONSE):
"""Delete a collection resource. For collection resources, DELETE
may return either 200 (OK) or 204 (No Content) to indicate total
success, or may return 207 (Multistatus) to indicate partial
success. Note that in Zope a DELETE currently never returns 207."""
from webdav.davcmds import DeleteCollection
self.dav__init(REQUEST, RESPONSE)
ifhdr = REQUEST.get_header('If', '')
url = urlfix(REQUEST['URL'], 'DELETE')
name = unquote(filter(None, url.split('/'))[-1])
parent = self.aq_parent
sm = getSecurityManager()
token = None
# Level 1 of lock checking (is the collection or its parent locked?)
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
raise Locked
elif wl_isLocked(parent):
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
raise PreconditionFailed
# Second level of lock\conflict checking (are any descendants locked,
# or is the user not permitted to delete?). This results in a
# multistatus response
if ifhdr:
tokens = self.wl_lockTokens()
for tok in tokens:
# We already know that the simple if handler succeeded,
# we just want to get the right token out of the header now
if ifhdr.find(tok) > -1:
token = tok
cmd = DeleteCollection()
result = cmd.apply(self, token, sm, REQUEST['URL'])
if result:
# There were conflicts, so we need to report them
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
else:
# There were no conflicts, so we can go ahead and delete
# ajung: additional check if we really could delete the collection
# (Collector #2196)
if parent.manage_delObjects([name], REQUEST=None) is None:
RESPONSE.setStatus(204)
else:
RESPONSE.setStatus(403)
return RESPONSE
def LOCK(self, REQUEST, RESPONSE):
"""Lock a resource"""
from webdav.davcmds import Lock
self.dav__init(REQUEST, RESPONSE)
security = getSecurityManager()
creator = security.getUser()
body = REQUEST.get('BODY', '')
ifhdr = REQUEST.get_header('If', None)
depth = REQUEST.get_header('Depth', 'infinity')
alreadylocked = wl_isLocked(self)
if body and alreadylocked:
# This is a full LOCK request, and the Resource is
# already locked, so we need to raise the alreadylocked
# exception.
RESPONSE.setStatus(423)
elif body:
# This is a normal lock request with an XML payload
cmd = Lock(REQUEST)
token, result = cmd.apply(self, creator, depth=depth)
if result:
# Return the multistatus result (there were multiple
# errors. Note that davcmds.Lock.apply aborted the
# transaction already.
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
else:
# Success
lock = self.wl_getLock(token)
RESPONSE.setStatus(200)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setHeader('Lock-Token', 'opaquelocktoken:' + token)
RESPONSE.setBody(lock.asXML())
else:
# There's no body, so this likely to be a refresh request
if not ifhdr:
raise PreconditionFailed('If Header Missing')
taglist = IfParser(ifhdr)
found = 0
for tag in taglist:
for listitem in tag.list:
token = tokenFinder(listitem)
if token and self.wl_hasLock(token):
lock = self.wl_getLock(token)
timeout = REQUEST.get_header('Timeout', 'Infinite')
lock.setTimeout(timeout) # automatically refreshes
found = 1
RESPONSE.setStatus(200)
RESPONSE.setHeader('Content-Type',
'text/xml; charset="utf-8"')
RESPONSE.setBody(lock.asXML())
break
if found:
break
if not found:
RESPONSE.setStatus(412) # Precondition failed
return RESPONSE
def DELETE(self, REQUEST, RESPONSE):
"""Delete a resource. For non-collection resources, DELETE may
return either 200 or 204 (No Content) to indicate success."""
self.dav__init(REQUEST, RESPONSE)
ifhdr = REQUEST.get_header('If', '')
url = urlfix(REQUEST['URL'], 'DELETE')
name = unquote([_f for _f in url.split('/') if _f][-1])
parent = aq_parent(aq_inner(self))
# Lock checking
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE')
else:
# We're locked, and no if header was passed in, so
# the client doesn't own a lock.
raise Locked('Resource is locked.')
elif IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
# Our parent is locked, and no If header was passed in.
# When a parent is locked, members cannot be removed
raise Locked('Parent of this resource is locked.')
# Either we're not locked, or a succesful lock token was submitted
# so we can delete the lock now.
# ajung: Fix for Collector # 2196
if parent.manage_delObjects([name], REQUEST=None) is None:
RESPONSE.setStatus(204)
else:
RESPONSE.setStatus(403)
return RESPONSE
def LOCK(self, REQUEST, RESPONSE):
"""Lock a resource"""
from webdav.davcmds import Lock
self.dav__init(REQUEST, RESPONSE)
security = getSecurityManager()
creator = security.getUser()
body = REQUEST.get('BODY', '')
ifhdr = REQUEST.get_header('If', None)
depth = REQUEST.get_header('Depth', 'infinity')
alreadylocked = wl_isLocked(self)
if body and alreadylocked:
# This is a full LOCK request, and the Resource is
# already locked, so we need to raise the alreadylocked
# exception.
RESPONSE.setStatus(423)
elif body:
# This is a normal lock request with an XML payload
cmd = Lock(REQUEST)
token, result = cmd.apply(self, creator, depth=depth)
if result:
# Return the multistatus result (there were multiple
# errors. Note that davcmds.Lock.apply aborted the
# transaction already.
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
else:
# Success
lock = self.wl_getLock(token)
RESPONSE.setStatus(200)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setHeader('Lock-Token', 'opaquelocktoken:' + token)
RESPONSE.setBody(lock.asXML())
else:
# There's no body, so this likely to be a refresh request
if not ifhdr:
raise PreconditionFailed('If Header Missing')
taglist = IfParser(ifhdr)
found = 0
for tag in taglist:
for listitem in tag.list:
token = tokenFinder(listitem)
if token and self.wl_hasLock(token):
lock = self.wl_getLock(token)
timeout = REQUEST.get_header('Timeout', 'Infinite')
lock.setTimeout(timeout) # automatically refreshes
found = 1
RESPONSE.setStatus(200)
RESPONSE.setHeader('Content-Type',
'text/xml; charset="utf-8"')
RESPONSE.setBody(lock.asXML())
break
if found:
break
if not found:
RESPONSE.setStatus(412) # Precondition failed
return RESPONSE
def DELETE(self, REQUEST, RESPONSE):
"""Delete a resource. For non-collection resources, DELETE may
return either 200 or 204 (No Content) to indicate success."""
self.dav__init(REQUEST, RESPONSE)
ifhdr = REQUEST.get_header('If', '')
url = urlfix(REQUEST['URL'], 'DELETE')
name = unquote(filter(None, url.split('/')[-1]))
parent = aq_parent(aq_inner(self))
# Lock checking
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE')
else:
# We're locked, and no if header was passed in, so
# the client doesn't own a lock.
raise Locked('Resource is locked.')
elif IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, 'DELETE', col=1)
else:
# Our parent is locked, and no If header was passed in.
# When a parent is locked, members cannot be removed
raise PreconditionFailed(
'Resource is locked, and no condition was passed in.')
# Either we're not locked, or a succesful lock token was submitted
# so we can delete the lock now.
# ajung: Fix for Collector # 2196
if parent.manage_delObjects([name], REQUEST=None) is None:
RESPONSE.setStatus(204)
else:
RESPONSE.setStatus(403)
return RESPONSE
def PROPPATCH(self, REQUEST, RESPONSE):
"""Set and/or remove properties defined on the resource."""
from webdav.davcmds import PropPatch
self.dav__init(REQUEST, RESPONSE)
if not hasattr(aq_base(self), 'propertysheets'):
raise MethodNotAllowed('Method not supported for this resource.')
# Lock checking
ifhdr = REQUEST.get_header('If', '')
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'PROPPATCH')
else:
raise Locked('Resource is locked.')
cmd = PropPatch(REQUEST)
result = cmd.apply(self)
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
return RESPONSE
def PROPPATCH(self, REQUEST, RESPONSE):
"""Set and/or remove properties defined on the resource."""
from webdav.davcmds import PropPatch
self.dav__init(REQUEST, RESPONSE)
if not hasattr(aq_base(self), 'propertysheets'):
raise MethodNotAllowed(
'Method not supported for this resource.')
# Lock checking
ifhdr = REQUEST.get_header('If', '')
if wl_isLocked(self):
if ifhdr:
self.dav__simpleifhandler(REQUEST, RESPONSE, 'PROPPATCH')
else:
raise Locked('Resource is locked.')
cmd = PropPatch(REQUEST)
result = cmd.apply(self)
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
return RESPONSE
def _findapply(self, obj, result=None, path=''):
# recursive function to actually dig through and find the locked
# objects.
if result is None:
result = []
base = aq_base(obj)
if not hasattr(base, 'objectItems'):
return result
try:
items = obj.objectItems()
except Exception:
return result
addresult = result.append
for id, ob in items:
if path:
p = f'{path}/{id}'
else:
p = id
dflag = hasattr(ob, '_p_changed') and (ob._p_changed is None)
bs = aq_base(ob)
if wl_isLocked(ob):
li = []
addlockinfo = li.append
for token, lock in ob.wl_lockItems():
addlockinfo({
'owner': lock.getCreatorPath(),
'token': token
})
addresult((p, li))
dflag = 0
if hasattr(bs, 'objectItems'):
self._findapply(ob, result, p)
if dflag:
ob._p_deactivate()
return result
def MOVE(self, REQUEST, RESPONSE):
"""Move a resource to a new location. Though we may later try to
make a move appear seamless across namespaces (e.g. from Zope
to Apache), MOVE is currently only supported within the Zope
namespace."""
self.dav__init(REQUEST, RESPONSE)
self.dav__validate(self, 'DELETE', REQUEST)
if not hasattr(aq_base(self), 'cb_isMoveable') or \
not self.cb_isMoveable():
raise MethodNotAllowed('This object may not be moved.')
dest = REQUEST.get_header('Destination', '')
try:
path = REQUEST.physicalPathFromURL(dest)
except ValueError:
raise BadRequest('No destination given')
flag = REQUEST.get_header('Overwrite', 'F')
flag = flag.upper()
name = path.pop()
parent_path = '/'.join(path)
try:
parent = self.restrictedTraverse(path)
except ValueError:
raise Conflict('Attempt to move to an unknown namespace.')
except 'Not Found':
raise Conflict('The resource %s must exist.' % parent_path)
except Exception:
raise
if hasattr(parent, '__null_resource__'):
raise Conflict('The resource %s must exist.' % parent_path)
existing = hasattr(aq_base(parent), name)
if existing and flag == 'F':
raise PreconditionFailed('Resource %s exists.' % dest)
try:
parent._checkId(name, allow_dup=1)
except Exception:
raise Forbidden(sys.exc_info()[1])
try:
parent._verifyObjectPaste(self)
except Unauthorized:
raise
except Exception:
raise Forbidden(sys.exc_info()[1])
# Now check locks. Since we're affecting the resource that we're
# moving as well as the destination, we have to check both.
ifhdr = REQUEST.get_header('If', '')
if existing:
# The destination itself exists, so we need to check its locks
destob = aq_base(parent)._getOb(name)
if IWriteLock.providedBy(destob) and destob.wl_isLocked():
if ifhdr:
itrue = destob.dav__simpleifhandler(
REQUEST, RESPONSE, 'MOVE', url=dest, refresh=1)
if not itrue:
raise PreconditionFailed
else:
raise Locked('Destination is locked.')
elif IWriteLock.providedBy(parent) and parent.wl_isLocked():
# There's no existing object in the destination folder, so
# we need to check the folders locks since we're changing its
# member list
if ifhdr:
itrue = parent.dav__simpleifhandler(REQUEST, RESPONSE, 'MOVE',
col=1, url=dest, refresh=1)
if not itrue:
raise PreconditionFailed('Condition failed.')
else:
raise Locked('Destination is locked.')
if wl_isLocked(self):
# Lastly, we check ourselves
if ifhdr:
itrue = self.dav__simpleifhandler(REQUEST, RESPONSE, 'MOVE',
refresh=1)
if not itrue:
raise PreconditionFailed('Condition failed.')
else:
raise Locked('Source is locked and no condition was passed in')
orig_container = aq_parent(aq_inner(self))
orig_id = self.getId()
self._notifyOfCopyTo(parent, op=1)
notify(ObjectWillBeMovedEvent(self, orig_container, orig_id,
parent, name))
# try to make ownership explicit so that it gets carried
# along to the new location if needed.
self.manage_changeOwnershipType(explicit=1)
ob = self._getCopy(parent)
ob._setId(name)
orig_container._delObject(orig_id, suppress_events=True)
if existing:
object = getattr(parent, name)
self.dav__validate(object, 'DELETE', REQUEST)
parent._delObject(name)
parent._setObject(name, ob, set_owner=0, suppress_events=True)
ob = parent._getOb(name)
notify(ObjectMovedEvent(ob, orig_container, orig_id, parent, name))
notifyContainerModified(orig_container)
if aq_base(orig_container) is not aq_base(parent):
notifyContainerModified(parent)
ob._postCopy(parent, op=1)
# try to make ownership implicit if possible
ob.manage_changeOwnershipType(explicit=0)
RESPONSE.setStatus(existing and 204 or 201)
if not existing:
RESPONSE.setHeader('Location', dest)
RESPONSE.setBody('')
return RESPONSE
def MOVE(self, REQUEST, RESPONSE):
"""Move a resource to a new location. Though we may later try to
make a move appear seamless across namespaces (e.g. from Zope
to Apache), MOVE is currently only supported within the Zope
namespace."""
self.dav__init(REQUEST, RESPONSE)
self.dav__validate(self, 'DELETE', REQUEST)
if not hasattr(aq_base(self), 'cb_isMoveable') or \
not self.cb_isMoveable():
raise MethodNotAllowed('This object may not be moved.')
dest = REQUEST.get_header('Destination', '')
try:
path = REQUEST.physicalPathFromURL(dest)
except ValueError:
raise BadRequest('No destination given')
flag = REQUEST.get_header('Overwrite', 'F')
flag = flag.upper()
name = path.pop()
parent_path = '/'.join(path)
try:
parent = self.restrictedTraverse(path)
except ValueError:
raise Conflict('Attempt to move to an unknown namespace.')
except 'Not Found':
raise Conflict('The resource %s must exist.' % parent_path)
except Exception:
raise
if hasattr(parent, '__null_resource__'):
raise Conflict('The resource %s must exist.' % parent_path)
existing = hasattr(aq_base(parent), name)
if existing and flag == 'F':
raise PreconditionFailed('Resource %s exists.' % dest)
try:
parent._checkId(name, allow_dup=1)
except Exception:
raise Forbidden(sys.exc_info()[1])
try:
parent._verifyObjectPaste(self)
except Unauthorized:
raise
except Exception:
raise Forbidden(sys.exc_info()[1])
# Now check locks. Since we're affecting the resource that we're
# moving as well as the destination, we have to check both.
ifhdr = REQUEST.get_header('If', '')
if existing:
# The destination itself exists, so we need to check its locks
destob = aq_base(parent)._getOb(name)
if IWriteLock.providedBy(destob) and destob.wl_isLocked():
if ifhdr:
itrue = destob.dav__simpleifhandler(
REQUEST, RESPONSE, 'MOVE', url=dest, refresh=1)
if not itrue:
raise PreconditionFailed
else:
raise Locked('Destination is locked.')
elif IWriteLock.providedBy(parent) and parent.wl_isLocked():
# There's no existing object in the destination folder, so
# we need to check the folders locks since we're changing its
# member list
if ifhdr:
itrue = parent.dav__simpleifhandler(REQUEST, RESPONSE, 'MOVE',
col=1, url=dest, refresh=1)
if not itrue:
raise PreconditionFailed('Condition failed.')
else:
raise Locked('Destination is locked.')
if wl_isLocked(self):
# Lastly, we check ourselves
if ifhdr:
itrue = self.dav__simpleifhandler(REQUEST, RESPONSE, 'MOVE',
refresh=1)
if not itrue:
raise PreconditionFailed('Condition failed.')
else:
raise Locked('Source is locked and no condition was passed in')
orig_container = aq_parent(aq_inner(self))
orig_id = self.getId()
self._notifyOfCopyTo(parent, op=1)
notify(ObjectWillBeMovedEvent(self, orig_container, orig_id,
parent, name))
# try to make ownership explicit so that it gets carried
# along to the new location if needed.
self.manage_changeOwnershipType(explicit=1)
ob = self._getCopy(parent)
ob._setId(name)
orig_container._delObject(orig_id, suppress_events=True)
if existing:
object = getattr(parent, name)
self.dav__validate(object, 'DELETE', REQUEST)
parent._delObject(name)
parent._setObject(name, ob, set_owner=0, suppress_events=True)
ob = parent._getOb(name)
notify(ObjectMovedEvent(ob, orig_container, orig_id, parent, name))
notifyContainerModified(orig_container)
if aq_base(orig_container) is not aq_base(parent):
notifyContainerModified(parent)
ob._postCopy(parent, op=1)
# try to make ownership implicit if possible
ob.manage_changeOwnershipType(explicit=0)
RESPONSE.setStatus(existing and 204 or 201)
if not existing:
RESPONSE.setHeader('Location', dest)
RESPONSE.setBody('')
return RESPONSE
