def _process_json_request(self, form):
"""Takes care about the json requests."""
argd = wash_urlargd(form, {
self._JSON_DATA_KEY: (str, ""),
})
# load json data
json_data_string = argd[self._JSON_DATA_KEY]
json_data_unicode = json.loads(json_data_string)
json_data = json_unicode_to_utf8(json_data_unicode)
language = json_data["language"]
search_criteria = json_data["searchCriteria"]
action_type = json_data["actionType"]
current_record_id = json_data["currentRecordID"]
commands = json_data["commands"]
output_format = json_data["outputFormat"]
page_to_display = json_data["pageToDisplay"]
if action_type == self._action_types.test_search:
return multi_edit_engine.perform_request_test_search(
search_criteria,
[],
output_format,
page_to_display,
language)
if action_type == self._action_types.display_detailed_record:
return multi_edit_engine.perform_request_detailed_record(
current_record_id,
[],
output_format,
language)
if action_type == self._action_types.preview_results:
commands_list = self._create_commands_list(commands)
return multi_edit_engine.perform_request_test_search(
search_criteria,
commands_list,
output_format,
page_to_display,
language)
if action_type == self._action_types.display_detailed_result:
commands_list = self._create_commands_list(commands)
return multi_edit_engine.perform_request_detailed_record(
current_record_id,
commands_list,
output_format,
language)
if action_type == self._action_types.submit_changes:
commands_list = self._create_commands_list(commands)
return multi_edit_engine.perform_request_submit_changes(search_criteria, commands_list, language)
# In case we obtain wrong action type we return empty page.
return " "
def __extract_attribute(self, req):
"""
Load from the request the given assertion, extract all the attribute
to properly login the user, and verify that the data are actually
both well formed and signed correctly.
"""
from invenio.bibedit_utils import json_unicode_to_utf8
from invenio.webinterface_handler import wash_urlargd
args = wash_urlargd(
req.form, {
'assertion': (str, ''),
'robot': (str, ''),
'digest': (str, ''),
'login_method': (str, '')
})
assertion = args['assertion']
digest = args['digest']
robot = args['robot']
login_method = args['login_method']
shared_key = load_robot_keys().get(login_method, {}).get(robot)
if shared_key is None:
raise InvenioWebAccessExternalAuthError(
"A key does not exist for robot: %s, login_method: %s" %
(robot, login_method))
if not self.verify(shared_key, assertion, digest):
raise InvenioWebAccessExternalAuthError(
"The provided assertion does not validate against the digest %s for robot %s"
% (repr(digest), repr(robot)))
if self.use_zlib:
try:
## Workaround to Perl implementation that does not add
## any padding to the base64 encoding.
needed_pad = (4 - len(assertion) % 4) % 4
assertion += needed_pad * '='
assertion = decompress(base64.urlsafe_b64decode(assertion))
except:
raise InvenioWebAccessExternalAuthError(
"The provided assertion is corrupted")
data = json_unicode_to_utf8(json.loads(assertion))
if not isinstance(data, dict):
raise InvenioWebAccessExternalAuthError(
"The provided assertion is invalid")
timeout = data[self.timeout_attribute_name]
if timeout < time.time():
raise InvenioWebAccessExternalAuthError(
"The provided assertion is expired")
userip = data.get(self.userip_attribute_name)
if not self.check_user_ip or (normalize_ip(userip) == normalize_ip(
req.remote_ip)):
return data
else:
raise InvenioWebAccessExternalAuthError(
"The provided assertion has been issued for a different IP address (%s instead of %s)"
% (userip, req.remote_ip))
def __extract_attribute(self, req):
"""
Load from the request the given assertion, extract all the attribute
to properly login the user, and verify that the data are actually
both well formed and signed correctly.
"""
from invenio.bibedit_utils import json_unicode_to_utf8
from invenio.webinterface_handler import wash_urlargd
args = wash_urlargd(req.form, {
'assertion': (str, ''),
'robot': (str, ''),
'digest': (str, ''),
'login_method': (str, '')})
assertion = args['assertion']
digest = args['digest']
robot = args['robot']
login_method = args['login_method']
shared_key = load_robot_keys().get(login_method, {}).get(robot)
if shared_key is None:
raise InvenioWebAccessExternalAuthError("A key does not exist for robot: %s, login_method: %s" % (robot, login_method))
if not self.verify(shared_key, assertion, digest):
raise InvenioWebAccessExternalAuthError("The provided assertion does not validate against the digest %s for robot %s" % (repr(digest), repr(robot)))
if self.use_zlib:
try:
## Workaround to Perl implementation that does not add
## any padding to the base64 encoding.
needed_pad = (4 - len(assertion) % 4) % 4
assertion += needed_pad * '='
assertion = decompress(base64.urlsafe_b64decode(assertion))
except:
raise InvenioWebAccessExternalAuthError("The provided assertion is corrupted")
data = json_unicode_to_utf8(json.loads(assertion))
if not isinstance(data, dict):
raise InvenioWebAccessExternalAuthError("The provided assertion is invalid")
timeout = data[self.timeout_attribute_name]
if timeout < time.time():
raise InvenioWebAccessExternalAuthError("The provided assertion is expired")
userip = data.get(self.userip_attribute_name)
if not self.check_user_ip or (normalize_ip(userip) == normalize_ip(req.remote_ip)):
return data
else:
raise InvenioWebAccessExternalAuthError("The provided assertion has been issued for a different IP address (%s instead of %s)" % (userip, req.remote_ip))
def _process_json_request(self, form, req):
"""Takes care about the json requests."""
argd = wash_urlargd(form, {
self._JSON_DATA_KEY: (str, ""),
})
# load json data
json_data_string = argd[self._JSON_DATA_KEY]
json_data_unicode = json.loads(json_data_string)
json_data = json_unicode_to_utf8(json_data_unicode)
language = json_data["language"]
search_criteria = json_data["searchCriteria"]
output_tags = json_data["outputTags"]
output_tags = output_tags.split(',')
output_tags = [tag.strip() for tag in output_tags]
action_type = json_data["actionType"]
current_record_id = json_data["currentRecordID"]
commands = json_data["commands"]
output_format = json_data["outputFormat"]
page_to_display = json_data["pageToDisplay"]
collection = json_data["collection"]
compute_modifications = json_data["compute_modifications"]
json_response = {}
if action_type == self._action_types.test_search:
json_response.update(multi_edit_engine.perform_request_test_search(
search_criteria,
[],
output_format,
page_to_display,
language,
output_tags,
collection))
json_response['display_info_box'] = 1
json_response['info_html'] = ""
return json.dumps(json_response)
elif action_type == self._action_types.display_detailed_record:
json_response.update(multi_edit_engine.perform_request_detailed_record(
current_record_id,
[],
output_format,
language))
return json.dumps(json_response)
elif action_type == self._action_types.preview_results:
commands_list, upload_mode, tag_list = self._create_commands_list(commands)
json_response = {}
json_response.update(multi_edit_engine.perform_request_test_search(
search_criteria,
commands_list,
output_format,
page_to_display,
language,
output_tags,
collection,
compute_modifications))
return json.dumps(json_response)
elif action_type == self._action_types.display_detailed_result:
commands_list, upload_mode, tag_list = self._create_commands_list(commands)
json_response.update(multi_edit_engine.perform_request_detailed_record(
current_record_id,
commands_list,
output_format,
language))
return json.dumps(json_response)
elif action_type == self._action_types.submit_changes:
commands_list, upload_mode, tag_list = self._create_commands_list(commands)
json_response.update(multi_edit_engine.perform_request_submit_changes(search_criteria, commands_list, language, upload_mode, tag_list, collection, req))
return json.dumps(json_response)
# In case we obtain wrong action type we return empty page.
return " "
def index(self, req, form):
"""Handle all BibEdit requests.
The responsibilities of this functions is:
* JSON decoding and encoding.
* Redirection, if necessary.
* Authorization.
* Calling the appropriate function from the engine.
"""
uid = getUid(req)
argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)})
# Abort if the simplejson module isn't available
if not simplejson_available:
title = 'Record Editor'
body = '''Sorry, the record editor cannot operate when the
`simplejson' module is not installed. Please see the INSTALL
file.'''
return page(title = title,
body = body,
errors = [],
warnings = [],
uid = uid,
language = argd['ln'],
navtrail = navtrail,
lastupdated = __lastupdated__,
req = req)
# If it is an Ajax request, extract any JSON data.
ajax_request, recid = False, None
if form.has_key('jsondata'):
json_data = json.loads(str(form['jsondata']))
# Deunicode all strings (Invenio doesn't have unicode
# support).
json_data = json_unicode_to_utf8(json_data)
ajax_request = True
if json_data.has_key('recID'):
recid = json_data['recID']
json_response = {'resultCode': 0, 'ID': json_data['ID']}
# Authorization.
user_info = collect_user_info(req)
if user_info['email'] == 'guest':
# User is not logged in.
if not ajax_request:
# Do not display the introductory recID selection box to guest
# users (as it used to be with v0.99.0):
auth_code, auth_message = acc_authorize_action(req,
'runbibedit')
referer = '/edit/'
if self.recid:
referer = '/record/%s/edit/' % self.recid
return page_not_authorized(req=req, referer=referer,
text=auth_message, navtrail=navtrail)
else:
# Session has most likely timed out.
json_response.update({'resultCode': 100})
return json.dumps(json_response)
elif self.recid:
# Handle RESTful calls from logged in users by redirecting to
# generic URL.
redirect_to_url(req, '%s/record/edit/#state=edit&recid=%s&recrev=%s' % (
CFG_SITE_URL, self.recid, ""))
elif recid is not None:
json_response.update({'recID': recid})
# Authorize access to record.
auth_code, auth_message = acc_authorize_action(req, 'runbibedit',
collection=guess_primary_collection_of_a_record(recid))
if auth_code != 0:
json_response.update({'resultCode': 101})
return json.dumps(json_response)
# Handle request.
if not ajax_request:
# Show BibEdit start page.
body, errors, warnings = perform_request_init(uid, argd['ln'], req, __lastupdated__)
title = 'Record Editor'
return page(title = title,
body = body,
errors = errors,
warnings = warnings,
uid = uid,
language = argd['ln'],
navtrail = navtrail,
lastupdated = __lastupdated__,
req = req)
else:
# Handle AJAX request.
json_response.update(perform_request_ajax(req, recid, uid,
json_data))
return json.dumps(json_response)
def index(self, req, form):
"""Handle all BibMerge requests.
The responsibilities of this functions are:
* JSON decoding and encoding.
* Redirection, if necessary.
* Authorization.
* Calling the appropriate function from the engine.
"""
# If it is an Ajax request, extract any JSON data.
ajax_request, recid1, recid2 = False, None, None
argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)})
if form.has_key('jsondata'):
json_data = json.loads(str(form['jsondata']))
# Deunicode all strings (Invenio doesn't have unicode
# support).
json_data = json_unicode_to_utf8(json_data)
ajax_request = True
json_response = {}
if json_data.has_key('recID1'):
recid1 = json_data['recID1']
if json_data.has_key('recID2'):
recid2 = json_data['recID2']
# Authorization.
user_info = collect_user_info(req)
if user_info['email'] == 'guest':
# User is not logged in.
if not ajax_request:
# Do not display the introductory recID selection box to guest
# users (as it used to be with v0.99.0):
auth_code, auth_message = acc_authorize_action(req, 'runbibmerge')
referer = '/merge/'
return page_not_authorized(req=req, referer=referer,
text=auth_message, navtrail=navtrail)
else:
# Session has most likely timed out.
json_response.update({'resultCode': 1,
'resultText': 'Error: Not logged in'})
return json.dumps(json_response)
elif self.recid:
# Handle RESTful call by storing recid and redirecting to
# generic URL.
redirect_to_url(req, '%s/record/merge/' % CFG_SITE_URL )
if recid1 is not None:
# Authorize access to record 1.
auth_code, auth_message = acc_authorize_action(req, 'runbibmerge',
collection=guess_primary_collection_of_a_record(recid1))
if auth_code != 0:
json_response.update({'resultCode': 1, 'resultText': 'No access to record %s' % recid1})
return json.dumps(json_response)
if recid2 is not None:
# Authorize access to record 2.
auth_code, auth_message = acc_authorize_action(req, 'runbibmerge',
collection=guess_primary_collection_of_a_record(recid2))
if auth_code != 0:
json_response.update({'resultCode': 1, 'resultText': 'No access to record %s' % recid2})
return json.dumps(json_response)
# Handle request.
uid = getUid(req)
if not ajax_request:
# Show BibEdit start page.
body, errors, warnings = perform_request_init()
metaheaderadd = """<script type="text/javascript" src="%(site)s/js/jquery.min.js"></script>
<script type="text/javascript" src="%(site)s/js/json2.js"></script>
<script type="text/javascript" src="%(site)s/js/bibmerge_engine.js"></script>""" % {'site': CFG_SITE_URL}
title = 'Record Merger'
return page(title = title,
metaheaderadd = metaheaderadd,
body = body,
errors = errors,
warnings = warnings,
uid = uid,
language = argd['ln'],
navtrail = navtrail,
lastupdated = __lastupdated__,
req = req)
else:
# Handle AJAX request.
json_response = perform_request_ajax(req, uid, json_data)
return json.dumps(json_response)
def index(self, req, form):
"""Handle all BibMerge requests.
The responsibilities of this functions are:
* JSON decoding and encoding.
* Redirection, if necessary.
* Authorization.
* Calling the appropriate function from the engine.
"""
# If it is an Ajax request, extract any JSON data.
ajax_request, recid1, recid2 = False, None, None
argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)})
if form.has_key('jsondata'):
json_data = json.loads(str(form['jsondata']))
# Deunicode all strings (Invenio doesn't have unicode
# support).
json_data = json_unicode_to_utf8(json_data)
ajax_request = True
json_response = {}
if json_data.has_key('recID1'):
recid1 = json_data['recID1']
if json_data.has_key('recID2'):
recid2 = json_data['recID2']
# Authorization.
user_info = collect_user_info(req)
if user_info['email'] == 'guest':
# User is not logged in.
if not ajax_request:
# Do not display the introductory recID selection box to guest
# users (as it used to be with v0.99.0):
auth_code, auth_message = acc_authorize_action(
req, 'runbibmerge')
referer = '/merge/'
return page_not_authorized(req=req,
referer=referer,
text=auth_message,
navtrail=navtrail)
else:
# Session has most likely timed out.
json_response.update({
'resultCode': 1,
'resultText': 'Error: Not logged in'
})
return json.dumps(json_response)
elif self.recid:
# Handle RESTful call by storing recid and redirecting to
# generic URL.
redirect_to_url(req,
'%s/%s/merge/' % (CFG_SITE_URL, CFG_SITE_RECORD))
if recid1 is not None:
# Authorize access to record 1.
auth_code, auth_message = acc_authorize_action(
req,
'runbibmerge',
collection=guess_primary_collection_of_a_record(recid1))
if auth_code != 0:
json_response.update({
'resultCode':
1,
'resultText':
'No access to record %s' % recid1
})
return json.dumps(json_response)
if recid2 is not None:
# Authorize access to record 2.
auth_code, auth_message = acc_authorize_action(
req,
'runbibmerge',
collection=guess_primary_collection_of_a_record(recid2))
if auth_code != 0:
json_response.update({
'resultCode':
1,
'resultText':
'No access to record %s' % recid2
})
return json.dumps(json_response)
# Handle request.
uid = getUid(req)
if not ajax_request:
# Show BibEdit start page.
body, errors, warnings = perform_request_init()
metaheaderadd = """<script type="text/javascript" src="%(site)s/js/jquery.min.js"></script>
<script type="text/javascript" src="%(site)s/js/json2.js"></script>
<script type="text/javascript" src="%(site)s/js/bibmerge_engine.js"></script>""" % {
'site': CFG_SITE_URL
}
title = 'Record Merger'
return page(title=title,
metaheaderadd=metaheaderadd,
body=body,
errors=errors,
warnings=warnings,
uid=uid,
language=argd['ln'],
navtrail=navtrail,
lastupdated=__lastupdated__,
req=req)
else:
# Handle AJAX request.
json_response = perform_request_ajax(req, uid, json_data)
return json.dumps(json_response)
def templates(self, req, form):
"""handle a edit/templates request"""
uid = getUid(req)
argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)})
# Abort if the simplejson module isn't available
if not simplejson_available:
title = 'Record Editor Template Manager'
body = '''Sorry, the record editor cannot operate when the
`simplejson' module is not installed. Please see the INSTALL
file.'''
return page(title = title,
body = body,
errors = [],
warnings = [],
uid = uid,
language = argd['ln'],
navtrail = navtrail_bibedit,
lastupdated = __lastupdated__,
req = req)
# If it is an Ajax request, extract any JSON data.
ajax_request = False
if form.has_key('jsondata'):
json_data = json.loads(str(form['jsondata']))
# Deunicode all strings (Invenio doesn't have unicode
# support).
json_data = json_unicode_to_utf8(json_data)
ajax_request = True
json_response = {'resultCode': 0}
# Authorization.
user_info = collect_user_info(req)
if user_info['email'] == 'guest':
# User is not logged in.
if not ajax_request:
# Do not display the introductory recID selection box to guest
# users (as it used to be with v0.99.0):
dummy_auth_code, auth_message = acc_authorize_action(req,
'runbibedit')
referer = '/edit'
return page_not_authorized(req=req, referer=referer,
text=auth_message, navtrail=navtrail)
else:
# Session has most likely timed out.
json_response.update({'resultCode': 100})
return json.dumps(json_response)
# Handle request.
if not ajax_request:
# Show BibEdit template management start page.
body, errors, warnings = perform_request_init_template_interface()
title = 'Record Editor Template Manager'
return page(title = title,
body = body,
errors = errors,
warnings = warnings,
uid = uid,
language = argd['ln'],
navtrail = navtrail_bibedit,
lastupdated = __lastupdated__,
req = req)
else:
# Handle AJAX request.
json_response.update(perform_request_ajax_template_interface(json_data))
return json.dumps(json_response)
